[cap-talk] Avoid overconfidence (was: Any hope in RSA 2008?)

Karp, Alan H alan.karp at hp.com
Sat Apr 5 19:34:54 CDT 2008


MarkM wrote:
>
> In the DarpaBrowser exercise, many of the holes that Wagner & Tribble
> found, even in security-enforcing modules, were unexploitable because
> these modules had so little authority available for abuse.

Often asking if we can block attacks is inadequate.  We must also ask if we've limited the damage that can be done by a successful attack to an acceptable level.  That's where POLA shows its strength.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp



