[cap-talk] "ACLs don't" paper rejected from Oakland 09
Toby Murray
toby.murray at comlab.ox.ac.uk
Mon Feb 2 12:22:50 CST 2009
On Mon, 2009-02-02 at 17:10 +0000, David-Sarah Hopwood wrote:
> Toby Murray wrote:
> > All equivalence claims between caps and ACLs are about expressible
> > static configurations of permissions. In this case, they *are*
> > equivalent -- both can express the same static configurations of
> > permissions.
>
> This is false, because in the capability case, the access matrix is
> not an abstraction of all relevant protection state. In a capability
> system, it matters (to the results of access decisions, and therefore
> to the ability to resist classes of attack) which capabilities are stored
> in which variables. This information is not present in the access matrix.
Who says a cap system has variables in which caps can be stored? (In
this case it wouldn't be an object-cap system but that wouldn't stop it
from being a cap system.)