[cap-talk] Confused Deputies in Capability Systems

Toby Murray toby.murray at comlab.ox.ac.uk
Sat Feb 7 09:01:51 EST 2009


On Fri, 2009-02-06 at 21:38 +0000, Karp, Alan H wrote:
> Toby Murray wrote:
> > 
> > Consider the final example from
> > http://www.comlab.ox.ac.uk/people/toby.murray/papers/NDA.pdf in which
> > users use non-delegatable authority provided by a "credential"
> > capability to access classified networks via routers who are supposed to
> > check the authenticity of such credentials before relying on them.
> > Suppose a router fails to authenticate a credential. Then in a very
> > strict sense, it could be considered a confused deputy.
> >
> Allowing access with a potentially forged credential is a bug, not a confused deputy.

Why?

Cheers

Toby


