[cap-talk] Capabilities giving up control?
Norman Hardy
norm at cap-lore.com
Fri Jan 25 11:02:22 EST 2008
On 2008 Jan 20, at 5:02 AM, John McCabe-Dansted wrote:
> "Authority" seems to be very close to the common English meanings of
> Influence, Power and Ability.
> See e.g. http://en.wikipedia.org/wiki/Influence
>
> However I'd like to clarify one possible exception. We may casually
> say that X can "influence" Y via a covert channel, but Y might not
> be in the transitive closure of permissions. Or would we say that X
> and Y have permissions to the shared resource used to implement the
> covert channel?
We have been vague about the meaning of "transitive closure" I think.
Ordinary usage of 'authority' might say that I don't have the
authority to stop you from flying just because I am in a position to
buy the last available ticket.
This is an overt signal and I think we must include it in our security
analysis, perhaps by making permissions reflexive.
Certainly the server and client affect each other.
Covert signals are a failure of capability mechanisms which can be
minimized to a quantitative degree.
> However, we might still have the case: X -> Resource <- Y
> But not: X -> Resource -> Y
>
> Or are permissions reflexive?
>
More information about the cap-talk
mailing list