[cap-talk] Plash: Empowering Security
David Chizmadia (Home)
chizmadia at comcast.net
Mon Apr 7 15:59:02 CDT 2008
Mark Seaborn wrote:
> Toby Murray <toby.murray at comlab.ox.ac.uk> wrote:
>> Unlike other sandbox approaches, Plash removes the need to specify
>> detailed policy information for each application by leveraging the
>> information that is already available about the application in the form
>> of standard package dependencies and by making smart use of existing
>> facilities like the "Open File" dialog to infer security information.
>
> That's a good description. Can you reference CapDesk, Polaris,
> Bitfrost and earlier stuff about powerboxes?
>
> On terminology: I picked the term "sandbox" to describe Plash, but I
> know others, such as the authors of the Polaris paper, have used the
> term pejoratively to describe environments such as Java applets, where
> processes can't acquire enough authority to do useful work.
>
> I avoided the term for a while, but then decided that saying
> "sandboxed process" and "unsandboxed process" was easier than saying
> "process running with limited authority" and "process running with all
> the user's authority". Maybe we can find a better term for
> limited-usefulness sandboxes or better adjectives than "sandboxed" and
> "unsandboxed"?
Hmmm, perhaps use the "fence" metaphor and tie that in with
Lincoln's quote that "Good fences make good neighbors"...
-DMC
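The Plash approach Toby Murray's quoted summary describes (authority inferred from package dependencies, plus per-file grants made through the "Open File" dialog, i.e. a powerbox) can be modelled in a few lines. This is an added illustration written for this archive page, not Plash's own code: the package database, file lists, sandbox names and dialog choices below are all constructed, and the `Sandbox`/`Powerbox` classes only model the authority bookkeeping, not the enforcement mechanism.

```python
"""Model of inferring a sandboxed app's file authority from package metadata
plus a powerbox (the "Open File" dialog). Added example, not Plash code; the
package database and every path here are constructed for illustration."""

# Constructed package database: package -> (declared dependencies, files owned).
PACKAGE_DB = {
    "imageviewer": (["libpng", "libc"], ["/usr/bin/imageviewer"]),
    "libpng":      (["libz", "libc"], ["/usr/lib/libpng.so"]),
    "libz":        (["libc"], ["/usr/lib/libz.so"]),
    "libc":        ([], ["/lib/libc.so", "/etc/ld.so.cache"]),
    "texteditor":  (["libc"], ["/usr/bin/texteditor"]),
}


def transitive_dependencies(pkg, db=PACKAGE_DB):
    """Packages reachable from `pkg` through declared dependencies, pkg included."""
    seen, stack = set(), [pkg]
    while stack:
        p = stack.pop()
        if p in seen:
            continue
        seen.add(p)
        stack.extend(db[p][0])
    return seen


def read_only_authority(pkg, db=PACKAGE_DB):
    """Files the app may read with no hand-written policy: exactly the files
    owned by its transitive dependency closure, and nothing else."""
    return frozenset(f for p in transitive_dependencies(pkg, db) for f in db[p][1])


class Sandbox:
    """A process running with limited authority: it starts with read access to
    its dependencies' files only, and gains user data solely via the powerbox."""

    def __init__(self, name, pkg, db=PACKAGE_DB):
        self.name = name
        self.grants = {f: "r" for f in read_only_authority(pkg, db)}

    def can_access(self, path, mode="r"):
        granted = self.grants.get(path)
        if granted is None:
            return False
        return mode == "r" or granted == "rw"


class Powerbox:
    """Trusted chooser that runs with the user's full authority. The user's
    pick in the dialog, not a policy file, decides which file the app gets."""

    def __init__(self):
        self.log = []  # audit trail of every grant made through the dialog

    def choose(self, sandbox, path, mode="r"):
        # Simulated user choice; a real powerbox would show the Open File dialog
        # and pass only the selected file's handle to the sandboxed process.
        sandbox.grants[path] = mode
        self.log.append((sandbox.name, path, mode))


if __name__ == "__main__":
    viewer = Sandbox("viewer", "imageviewer")
    box = Powerbox()
    print(sorted(viewer.grants))                     # dependency files only
    print(viewer.can_access("/home/alice/photo.png"))  # False before the dialog
    box.choose(viewer, "/home/alice/photo.png")
    print(viewer.can_access("/home/alice/photo.png"))  # True after the user picks it
    print(box.log)
```

The two sources of authority stay separate on purpose: the dependency closure is computed once from package metadata and is read-only, while anything under the user's home directory is reachable only through a `Powerbox.choose` call, each of which is logged, so the grant history of a confined process is visible to the user.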