[cap-talk] POLA and decomposition:sum of functionality*authority but how about the dynamics?
Rob Meijer
capibara at xs4all.nl
Thu Sep 20 06:49:28 EDT 2007
On Thu, September 20, 2007 07:41, Mark Miller wrote:
> On 9/19/07, Rob Meijer <capibara at xs4all.nl> wrote:
>> [...] POLP translates to using functional decomposition in order to
>> achieve
>> the lowest possible sum of subsystem functionality times subsystem
>> privileges.
>
> Hi Rob, you lost me here. What's being summed? Multiplied? Minimized?
> Why?
I may have been taking 5 steps and only explaining the last two in my
question. Note, we are talking about 'static' privileges here.
1) You have a given set of functionality that you want some new
project to provide.
2) In order to implement the project, you need to decompose it into
some kind of subsystems S[i] (i=1 .. n).
3) Each subsystem should, based on its own functionality, be
confinable to least privilege p[i].
4) As a quantifier of the risk a subsystem poses, you can take the
product of the privileges the subsystem requires and the
complexity c[i] of the subsystem implementation:
r[i] = c[i]*p[i]
5) For the project as a whole to adhere to POLP, the
sum of all r[i] for i=1..n should be minimized.
I hope this is making some sense, and am hoping we are in agreement so far.
My problem is now that, having used the static variant in the preceding,
I would like to use the same line of reasoning to show how a
similar rule of thumb could be made for finding the most proper functional
decomposition based on the dynamic free delegation, revocation and
authority, and if possible to show at the same time, by applying the
same rule of thumb as in the static variant, that the dynamic variant should
in many cases translate to a lower risk factor for a composite project.
Rob