[cap-talk] Failure isolation
Jed Donnelley
jed at nersc.gov
Mon Mar 17 19:38:16 EDT 2008
On 3/17/2008 3:35 PM, lists at notatla.org.uk wrote:
...
> Redundancy:
> Diversity:
> Segregation:
> Containment:
> Failsafe Defaults/Passive Safety:
> Feedback:
> ALARP:
> Interlocks:
> Monitoring/Assessment:
As you note, separation and POLA are only necessary
for most security/safety/robustness requirements;
they are not sufficient for all such requirements.
Separation and POLA are a rather simple first
step toward achieving better security in
computer systems. A "first step" that, sadly,
modern computer systems are nowhere near
achieving.
--Jed http://www.webstart.com/jed/