[cap-talk] Plash: Empowering Security
Toby Murray
toby.murray at comlab.ox.ac.uk
Sat May 17 10:08:53 CDT 2008
On Mon, 2008-04-07 at 12:02 +1000, James A. Donald wrote:
> Toby Murray wrote:
> > Unlike other sandbox approaches, Plash removes the need to specify
> > detailed policy information for each application by leveraging the
> > information that is already available about the application in the form
> > of standard package dependencies and by making smart use of existing
> > facilities like the "Open File" dialog to infer security information.
>
> This is the key, and I think it needs more emphasis and explanation.
> The key concept that you neglect to emphasize enough, is combining
> designation with permission. No one bothers to manage permissions until
> disaster ensues, and if they have to manage permissions, it is seldom
> clear what they should do - or more likely what they should have done to
> avoid the disaster which has just happened. Therefore we absolutely
> have to attach permission to the coat tails of designation, otherwise
> there is absolutely no way permissions are going to be managed correctly.
I agree. But this isn't an article about the underlying design
principles that ensure permissions are managed correctly, but rather a
high-level sales pitch for Plash. You're absolutely right though.
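As an added illustration (not part of Toby's message, and not Plash's own code), here is a small Python model of "permission attached to the coat tails of designation": the only way the application gets at a file is that the user picks it in a trusted chooser, and the chooser hands back a read-only descriptor rather than a path. The Powerbox and FileCap classes, the chooser callback and the two sample files are constructed for this example; the model runs in one process and does not reproduce the process isolation a real sandbox adds, which is what makes the capability the application's only route to the file.

```python
import os
import shutil
import tempfile


class FileCap:
    """Read-only capability: wraps an already-open descriptor and carries no path,
    so the holder can read this one file and designate nothing else."""

    def __init__(self, fd):
        self._fd = fd

    def read(self):
        os.lseek(self._fd, 0, os.SEEK_SET)
        chunks = []
        while True:
            block = os.read(self._fd, 4096)
            if not block:
                break
            chunks.append(block)
        return b"".join(chunks)

    def close(self):
        os.close(self._fd)


class Powerbox:
    """Trusted 'Open File' dialog (constructed stand-in): the user's selection is
    the grant, so there is no separate policy to write or maintain."""

    def __init__(self, chooser):
        # chooser() models the dialog: returns the path the user picked, or None on cancel
        self._chooser = chooser
        self.grants = []  # audit trail of (application, path) grants

    def open_file(self, app_name):
        path = self._chooser()
        if path is None:
            return None  # user cancelled: no designation, so no permission
        fd = os.open(path, os.O_RDONLY)  # kernel enforces read-only on this descriptor
        self.grants.append((app_name, path))
        return FileCap(fd)


def ambient_app(path):
    """Conventional application: given a name, it opens it with its own ambient authority."""
    with open(path, "rb") as f:
        return f.read()


def capability_app(cap):
    """Sandboxed application: receives a FileCap and can only read what it was handed."""
    return cap.read()


def demo():
    """Run both styles against two constructed files and report what each could reach."""
    workdir = tempfile.mkdtemp()
    try:
        chosen = os.path.join(workdir, "report.txt")   # the file the user picks
        secret = os.path.join(workdir, "id_rsa")       # a file the user never designates
        with open(chosen, "wb") as f:
            f.write(b"quarterly numbers\n")
        with open(secret, "wb") as f:
            f.write(b"PRIVATE KEY\n")

        box = Powerbox(chooser=lambda: chosen)
        cap = box.open_file("viewer")
        result = {
            "ambient_reads_chosen": ambient_app(chosen),
            "ambient_reads_secret": ambient_app(secret),   # nothing stops this
            "cap_reads_chosen": capability_app(cap),
            "cap_has_open": hasattr(cap, "open"),          # False: the cap cannot name other files
            "grants": list(box.grants),
        }
        cap.close()

        # A cancelled dialog yields no capability at all
        result["cancelled_grant"] = Powerbox(chooser=lambda: None).open_file("viewer")
        return result
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The contrast to notice is that both applications contain the same "read the file" logic; what differs is whether the file arrives as a string the program could have made up itself or as a descriptor the user's action produced. The grant log is a by-product of the chooser, not a policy anyone had to write in advance.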