[cap-talk] Reinterpreting POLA - "Authority Must Not Exceed Trust"
David Wagner
daw at cs.berkeley.edu
Tue Sep 18 05:36:08 EDT 2007
Toby Murray writes:
>That paper takes Spafford and Garfinkel's definition of security:
>
>"A computer is secure if you can depend on it and its software to behave
>as you expect"
>
>and frames it in terms of the actor ability model, in which it becomes
>
>"A system is secure from a given user's perspective if the set of
>actions that each actor can do are bounded by what the user believes it
>can do.".
At the risk of pointing out the obvious, I'll note that those two
conditions are not equivalent. The latter might well be a necessary
condition, but it is not sufficient.

I like Spafford & Garfinkel's definition.