[cap-talk] Reinterpreting POLA - "Authority Must Not Exceed Trust"
David Wagner
daw at cs.berkeley.edu
Mon Sep 17 13:21:54 EDT 2007
Toby Murray writes:
>I think we need a definition of security that takes into account a
>user's perceptions. I don't think POLA does this adequately in some
>cases.
POLA isn't intended to serve as a definition of security. POLA is
a design and implementation technique that can often be helpful in
achieving security goals. Of course, there are other techniques, too.
Following even all known techniques does not guarantee security and is
not a definition of what it means for a system to be secure. We
shouldn't conflate the techniques that we use to achieve our goals
with the goals themselves.