[cap-talk] Demonstration and engagement (was: If not God)
Raoul Duke
raould at gmail.com
Tue Apr 8 14:03:23 CDT 2008
> essential value of POLA is invisible. Show somebody a
> demonstration of CapDesk and it looks essentially like
> Windows or MacOS or a Unix windowing system. What is there
> to "demonstrate"? We're not talking about something like a

ja, much like people in IT, it only "registers" about it when it
doesn't work, not when it does. presumably this is generalizable to a
general question of how to demo security features in general; maybe
other security folks would have ideas/experience related to such
questions.

i guess demos which come to my mind:

(a) find a postmortem on how some set of crucial data (SSNs, for
example) was insecure and was released. walk through a plausible demo
of how that would be done on a regular machine. follow that up, or
show side-by-side, how that would be different in a Cap system.

(b) if there are other security-enhanced versions of GUIs, presumably
they are clunky? compare them to how un-clunky it is to get similar or
better security with Cap-based tools.

demo somewhere and video tape it and put it up on YouTube.

sincerely.