[cap-talk] More Heresey: ACLs not inherently bad
Bill Frantz
frantz at pwpconsult.com
Thu Sep 25 19:38:31 CDT 2008
marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) on Thursday, September 25, 2008 wrote:
>Not every site installation has a Norm, Bill or Alan at hand for their
>convenience :)
I agree that not every installation has people this caliber (and
thanks for the compliment). I do think that every OS has people of
this caliber working on its design. For VM/370, I knew some of them
personally.
These people work out how to maintain the system, debug failures,
install new hardware and software, administer users, and all the
other things it takes to run an OS. Then people who aren't as
familiar with the internal operations of the system use the
resulting tools and techniques. A iterative process goes on for
several years, and system maintenance becomes a smooth-running
process.
The trick is, of course, to design the tools and techniques to
maintain POLA, and the security properties the system was designed
to support. I think we managed to achieve these goals in KeyKOS, so
I think other designers should also be able to achieve these goals.
Cheers - Bill
-------------------------------------------------------------------------
Bill Frantz | The first thing you need when | Periwinkle
(408)356-8506 | using a perimeter defense is a | 16345 Englewood Ave
www.pwpconsult.com | perimeter. | Los Gatos, CA 95032
More information about the cap-talk
mailing list