[cap-talk] Reducing Ambient user authority in a Type Safe /Memory Safe OS.
James A. Donald
jamesd at echeque.com
Sat Dec 19 12:18:40 PST 2009
Ben Kloosterman wrote:
> - The desire by admins ( and hence organizations) to allow only
> system/security admins to approve certain functions which may include
> installing applications in some organizations. This includes the
> centralized control of rights.
People desire what is not good for them. What they desire is that other
people are required to do certain tasks, and then required to seek
permissions to accomplish those tasks - which pretty much guarantees
that users will work to subvert security. And since the end user has
physical control of the box or the data, the end user will always
succeed. The petty bureaucrat, by maximizing his power within the
organization, undermines the organization's security.
Observe that one of the big reasons for Walmart's success is that other
big box company purchasing managers routinely accept bribes from
salesmen, while Walmart purchasers are notoriously honest.
Meeting admin desires is in this case meeting admin desire to undermine
security for personal benefit. Security mechanisms have to benefit the
person who has physical control of the data and the box on which it
resides, not the admin, or else they will always be bypassed.