[cap-talk] Google Chrome - web browser with sandboxed rendering
Tony Bartoletti
azb at llnl.gov
Tue Sep 9 18:58:44 CDT 2008
At 01:38 PM 9/9/2008, Will Pearson wrote:
>The value of automation of security to a user is dependent upon
>whether the computer can do a better job of managing it than the user.
>People comfortable with compsec would probably not benefit from
>automation until it is very advanced. But for other users, the elderly
>etc., they may find it useful when it is primitive if they don't have
>the knowledge themselves or someone who can do it for them.
>
>I'd agree simple heuristics are not a good idea. But more advanced
>techniques of automation are surely worth research in the long term.

I respectfully agree :)

I (wistfully) imagine myself mildly knowledgeable on granting
capabilities with some level of granularity, conscientious about
doing the right thing, and having to make (over some unspecified
duration) hundreds of such decisions. All the while, my intelligent
trainee is looking over my shoulder, asking "why did you allow this,
deny that, etc"? Provided my thoughtful explanations, I assume this
trainee would eventually gain the sense to make these decisions with
"pretty good" accuracy.

This seems a great application of "expert systems" - an agent that
learns its master's sensibilities.

A well-designed expert system will serve to hide the tedious, routine
decisions from the user, yet can be configured to be transparent, to
be overridden (default to "ask permission") and can be queried
retrospectively regarding past decisions and reasoning.

(Not that I've ever written one ... I do recall Mycin and E-Mycin,
lol, I'm old...)

Still, sounds like a natural product in conjunction with granular
capabilities ...

Tony Bartoletti 925-422-3881 <azb at llnl.gov>
Cyber Security Research and Development
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900