[cap-talk] Reinterpreting POLA - "Authority Must Not Exceed Trust"

James A. Donald jamesd at echeque.com
Mon Sep 17 17:26:18 EDT 2007


Toby Murray wrote:
 > I think I see where the disagreement comes from. I'm
 > not trying to propose a design goal. POLA might well
 > be the strongest design goal one can hope for. I'm
 > trying to propose a criterion that can be used to
 > determine whether a system is secure from a particular
 > stakeholder's point of view.

By and large, most stakeholders do not have a point of
view.  They just want a computer that is not afflicted
with trojans and viruses and does not get converted into
a zombie.

They want stuff to come forth from the operating system
and the installer created with the authority it needs,
and not ask them.  If you do ask them, they will give
the wrong answers because they are not in any position
to give the right answers.
