[cap-talk] Capabilities giving up control?

Norman Hardy norm at cap-lore.com
Fri Jan 25 11:02:22 EST 2008


On 2008 Jan 20, at 5:02 AM, John McCabe-Dansted wrote:

> "Authority" seems to be very close to the common English meanings of  
> Influence, Power and Ability.
>   See e.g. http://en.wikipedia.org/wiki/Influence
>
> However I'd like to clarify one possible exception. We may casually  
> say that X can "influence" Y via a covert channel, but Y might not  
> be in the transitive closure of permissions. Or would we say that X  
> and Y have permissions to the shared resource used to implement the  
> covert channel?

We have been vague about the meaning of "transitive closure", I think.
Ordinary usage of 'authority' might say that I don't have the  
authority to stop you from flying just because I am in a position to  
buy the last available ticket.
This is an overt signal and I think we must include it in our security  
analysis, perhaps by making permissions reflexive.
Certainly the server and client affect each other.
Covert signals are a failure of capability mechanisms which can be  
minimized to a quantitative degree.

> However, we might still have the case: X -> Resource <- Y
> But not: X -> Resource -> Y
>
> Or are permissions reflexive?
>
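
The X -> Resource <- Y case from the thread, as an added example that is not part of the original post: a directed transitive closure never connects X to Y, while following each permission edge in both directions does. It assumes "reflexive" means symmetric in graph terms; the edge list and function names are constructed for illustration.

```python
from collections import deque

# Constructed graph for the case in the thread: X -> Resource <- Y.
# An edge (holder, target) means "holder has a permission on target".
PERMISSIONS = [("X", "Resource"), ("Y", "Resource")]


def adjacency(edges, symmetric=False):
    """Adjacency map; symmetric=True also follows every edge backwards
    (the assumed reading of "reflexive" permissions)."""
    adj = {}
    for holder, target in edges:
        adj.setdefault(holder, set()).add(target)
        adj.setdefault(target, set())
        if symmetric:
            adj[target].add(holder)
    return adj


def influence_path(edges, src, dst, symmetric=False):
    """Shortest chain of permission edges from src to dst, or None."""
    adj = adjacency(edges, symmetric)
    parent, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in sorted(adj.get(node, ())):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None


def closure(edges, src, symmetric=False):
    """Everything src can reach through one or more permission edges."""
    nodes = adjacency(edges, symmetric)
    return {n for n in nodes if n != src and influence_path(edges, src, n, symmetric)}


if __name__ == "__main__":
    for sym in (False, True):
        print("symmetric" if sym else "directed ",
              sorted(closure(PERMISSIONS, "X", sym)),
              influence_path(PERMISSIONS, "X", "Y", sym))
```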


