[cap-talk] Butler Lampson does it again
David-Sarah Hopwood
david-sarah at jacaranda.org
Mon Dec 21 18:46:47 PST 2009
Karp, Alan H wrote:
> The November issue of CACM has an article by Butler Lampson titled "Usable Security:
> How to Get It" in which he concludes you can't.
>
> As with all his recent work he assumes a particular access control model
> which almost guarantees his conclusion. His only solution to limiting the
> damage that can be done when an attack succeeds is to have a "green" computer
> for important stuff, such as banking, and a "red" computer for general surfing.
> Of course, he admits that the "green" machine isn't really secure and that he
> doesn't know how to give users some control over moving information between
> the two machines without compromising security.
Yep, I came to the same conclusion. Lampson is no longer even making any
subtle or instructive mistakes, just really obvious ones.
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 292 bytes
Desc: OpenPGP digital signature
Url : http://www.eros-os.org/pipermail/cap-talk/attachments/20091222/a7aa47b4/attachment.bin
More information about the cap-talk
mailing list