[cap-talk] POLA and decomposition:sum of functionality*authority but how about the dynamics?

Rob Meijer capibara at xs4all.nl
Thu Sep 20 17:31:20 EDT 2007


On Thu, September 20, 2007 23:04, Mark Miller wrote:
> On 9/20/07, Rob Meijer <capibara at xs4all.nl> wrote:
>> 4)     : As a quantifier of the risk the subsystems pose you can take the
>>          product of the privileges the subsystem requires and the
>>          complexity c[i] of the subsystem implementation.
>>          r[i] = c[i]*p[i]
>
> Rob, you are still completely losing me with this multiplication. I
> have no idea why you are multiplying privilege and complexity. The
> only thing I can think of (with Ihab's help) is that you are using
> "complexity" as an indicator of your uncertainty that the subsystem
> does what you think it does. Are we in the same ballpark? If not, can
> you find a different approach for explaining this?
>

The multiplication comes from the fact that risk can be defined as
probability times impact (cost). If you assume impact to be quantifiable
by privilege and probability to be linear with complexity, you end up
with the above. The linearity assumption may not always be correct, but
it is IMHO a workable quantification for choosing between competing
decompositions according to static privileges.

Is the above making sense? And if so, do you have any clue as to how to
translate such a rule of thumb to POLA systems with delegations instead of
static privileges? If the rule of thumb for POLP is wrong to begin with,
is there any alternative way to choose the most POLP/POLA compliant
decomposition in such a way that risk is minimized?

Rob
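A worked example of the rule of thumb above, added here and not part of the thread: two constructed decompositions of the same program are scored with r[i] = c[i]*p[i] and summed. The numbers, the subsystem names, and the choice of units (complexity as a size estimate, privilege as a count of distinct static authorities held) are my assumptions for illustration, not anything from the post. It also shows why the product matters: both decompositions have the same total complexity, so a plain sum of complexity could not tell them apart.

```python
"""Worked example (added; not from the cap-talk thread) of scoring
competing decompositions with r[i] = c[i] * p[i].

Assumptions (mine, not the post's):
  - c[i] is a unit-less size estimate of subsystem i's implementation
    (the linear-probability assumption the post discusses),
  - p[i] is the number of distinct static authorities subsystem i holds
    (the impact quantified by privilege).
All subsystem names and numbers below are constructed for illustration.
"""
from typing import Dict, List, Tuple

# (name, complexity c[i], privilege p[i])
Subsystem = Tuple[str, int, int]

# Constructed: the same program split two ways. Total complexity is 600 in
# both, but the second isolates the privileged parts into small modules.
DECOMPOSITIONS: Dict[str, List[Subsystem]] = {
    "lumped": [
        ("frontend", 100, 1),
        ("core",     500, 4),  # parser + network + file I/O in one subsystem
    ],
    "split": [
        ("frontend", 100, 1),
        ("parser",   350, 0),  # pure computation, holds no authority at all
        ("net",       80, 1),
        ("files",     70, 2),
    ],
}


def subsystem_risk(c: int, p: int) -> int:
    """r[i] = c[i] * p[i]: probability (taken linear in complexity)
    times impact (quantified by privilege)."""
    return c * p


def total_risk(subsystems: List[Subsystem]) -> int:
    """Sum of per-subsystem risk for one decomposition."""
    return sum(subsystem_risk(c, p) for _, c, p in subsystems)


def total_complexity(subsystems: List[Subsystem]) -> int:
    """Sum of c[i] alone, ignoring privilege; shown for contrast."""
    return sum(c for _, c, _ in subsystems)


def rank_decompositions(cands: Dict[str, List[Subsystem]]) -> List[Tuple[str, int]]:
    """Candidates ordered lowest total risk first."""
    scored = [(name, total_risk(subs)) for name, subs in cands.items()]
    return sorted(scored, key=lambda t: t[1])


def least_risky(cands: Dict[str, List[Subsystem]]) -> str:
    """Name of the decomposition the rule of thumb would choose."""
    return rank_decompositions(cands)[0][0]


if __name__ == "__main__":
    for name, subs in DECOMPOSITIONS.items():
        print(f"{name:8s} complexity={total_complexity(subs):4d} "
              f"risk={total_risk(subs):5d}")
    print("least risky:", least_risky(DECOMPOSITIONS))
```

The contrast the example makes is the one the thread's subject line names: "lumped" and "split" are equal under a sum of complexity (600 each) but differ by a factor of roughly six under the sum of complexity times authority, because the bulk of the code in "split" holds no authority and so contributes nothing to r[i].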