[cap-talk] "ACLs don't" paper rejected from Oakland 09
David-Sarah Hopwood
david.hopwood at industrial-designers.co.uk
Mon Feb 2 11:10:16 CST 2009
Toby Murray wrote:
> All equivalence claims between caps and ACLs are about expressible
> static configurations of permissions. In this case, they *are*
> equivalent -- both can express the same static configurations of
> permissions.
This is false, because in the capability case, the access matrix is
not an abstraction of all relevant protection state. In a capability
system, it matters (to the results of access decisions, and therefore
to the ability to resist classes of attack) which capabilities are stored
in which variables. This information is not present in the access matrix.
--
David-Sarah Hopwood ⚥
More information about the cap-talk
mailing list