[cap-talk] "ACLs don't" paper rejected from Oakland 09

Sandro Magi naasking at higherlogics.com
Mon Feb 2 21:23:19 CST 2009


Jed Donnelley wrote:
> 1. For some readers, the particulars of this scenario may seem a
> little dated. In that case, wherever the text talks of the Vendor, think
> Web site; for Compiler, think Web browser; and for User, think Web
> page. This correspondence is explained in greater depth in the next
> section of this paper. After reading some of this section, you may
> wish to skip ahead to the subsequent section and then come back.
> _________________________
> 
> Why not treat the modern example and simply note that it is
> equivalent to the historical confused deputy example?  As
> stated with the compiler log example the problem at most times
> seems irrelevant.

When I read the paper last week, this was exactly my thought.
Clickjacking, CSRF and other such web attacks are the most widely
deployed and widely known examples of the Confused Deputy in action. Why
resort to exploring an example, despite equivalence, in which few
people have any experience, when far more compelling examples are known
to all web developers, and even some lay people?

I think the paper would be more compelling if the failures of ACLs were
analyzed using one of the web/networked examples Alan has presented over
the years (I recall the copy-center and a bank). This is particularly
poignant given the second reviewer's obvious confusion about the ACLs
involved between the browser and the site.

Sandro
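As an added illustration (not from the paper or from this thread), here is a toy model of the Vendor/Compiler/User mapping quoted above, with the browser as the deputy: when the site decides by its ACL alone, a request from an unrelated page succeeds because the browser carries Alice's session cookie to it; requiring a site-issued capability bound to the requesting page denies it. The site names and the token scheme are constructed for the example.

```python
import secrets

class Browser:
    """The deputy (the paper's Compiler): runs pages from many origins and
    attaches the user's cookie for a site to ANY request aimed at that site."""

    def __init__(self):
        self.cookies = {}  # site name -> logged-in user (ambient authority)
        self.tokens = {}   # (site name, page origin) -> capability token

    def login(self, site, user):
        self.cookies[site.name] = user

    def run_page(self, origin, site, action):
        # The page (the paper's User) asks the deputy to act on the site.
        token = self.tokens.get((site.name, origin))
        return site.handle(self.cookies.get(site.name), action, origin, token)

class Site:
    """The Vendor. mode="acl": the session cookie alone decides.
    mode="capability": the request must also carry a token issued to that page."""

    def __init__(self, name, mode):
        self.name, self.mode = name, mode
        self.acl = set()   # users permitted to transfer
        self.issued = {}   # token -> page origin it was issued to

    def issue_token(self, browser, origin):
        tok = secrets.token_hex(8)
        self.issued[tok] = origin
        browser.tokens[(self.name, origin)] = tok

    def handle(self, cookie_user, action, origin, token):
        if cookie_user not in self.acl:
            return "denied: no session"
        if self.mode == "capability" and self.issued.get(token) != origin:
            return "denied: page holds no capability for this site"
        return f"ok: {cookie_user} did '{action}' at request of {origin}"

def scenario(mode):
    """Alice is logged in to bank.example; the bank's own page and an
    unrelated page both ask the browser to act on the bank (constructed names)."""
    bank = Site("bank.example", mode)
    bank.acl.add("alice")
    browser = Browser()
    browser.login(bank, "alice")
    bank.issue_token(browser, "bank.example")  # only the bank's page gets one
    own = browser.run_page("bank.example", bank, "transfer 100 to bob")
    other = browser.run_page("other.example", bank, "transfer 100 to carol")
    return own, other
```

The "acl" run returns "ok" for both pages, which is the confused deputy; the "capability" run returns "ok" only for the bank's own page.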