[cap-talk] Why aren't safer OS being used. [ was Confessions of a C programmer]
David-Sarah Hopwood
david-sarah at jacaranda.org
Mon Sep 28 11:32:48 PDT 2009
Karp, Alan H wrote:
> Matej Kosik wrote:
>> Does any Microsoft product have all the following properties?:
>> - it (and its components) follow POLA
>
> All our current operating systems enforce POLA, but at the granularity
> of the user, which is too coarse.
I disagree that POLA is something that can be enforced by an operating
system. An OS security model can *enable* POLA, but it then has to be
followed at all levels of the system. This is a discipline that depends
on knowing the intended security goals for each component or subsystem;
it isn't a single security policy.
However, current operating systems don't do a good job of enabling POLA
even at user/account granularity. That's mainly because IBAC security
models impede delegation, which is essential for enabling POLA.
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
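Added illustration of the delegation point made in the message above (this is editor-supplied example code, not from the post, the cap-talk list, or any capability OS). It models, in a few dozen lines, an identity-based file system with per-file ACLs next to a file-as-object-capability design, then runs the same "curious" helper under each. The toy file system, the user names "alice"/"root"/"helper", and the two sample files are all constructed for the example.

```python
"""Toy contrast: IBAC (check caller identity against an ACL) versus
object capabilities (the reference you hold IS your authority).
Everything here is constructed for illustration."""


class AccessDenied(Exception):
    """Raised when an IBAC check rejects an operation."""


class AclFileSystem:
    """IBAC: every operation names a user identity and the file system
    decides by looking that identity up in the file's ACL."""

    def __init__(self):
        self.files = {}   # name -> content
        self.acl = {}     # name -> set of identities allowed to read

    def create(self, owner, name, content):
        self.files[name] = content
        self.acl[name] = {owner}

    def grant(self, requester, name, user):
        # Only the administrator may edit an ACL. An ordinary user cannot
        # hand a helper a subset of her own authority without going via root.
        if requester != "root":
            raise AccessDenied(f"{requester} may not edit the ACL of {name}")
        self.acl[name].add(user)

    def read(self, user, name):
        if user not in self.acl.get(name, set()):
            raise AccessDenied(f"{user} may not read {name}")
        return self.files[name]


class FileCap:
    """Object capability: an unforgeable reference whose only operation is
    read(). Holding it grants exactly this one file and nothing else."""

    def __init__(self, content):
        self._content = content

    def read(self):
        return self._content


def curious_word_counter(env):
    """Helper that does its job (count words in report.txt) but also probes
    for diary.txt. `env` maps file name -> zero-argument reader.
    Returns (word_count, saw_diary)."""
    words = len(env["report.txt"]().split())
    probe = env.get("diary.txt")
    if probe is None:
        return words, False          # ocap case: no reference, nothing to try
    try:
        probe()
        return words, True
    except AccessDenied:
        return words, False


def build_fs():
    """Constructed sample data: alice owns a report and a private diary."""
    fs = AclFileSystem()
    fs.create("alice", "report.txt", "quarterly numbers look fine")
    fs.create("alice", "diary.txt", "private thoughts")
    return fs


def ibac_env(fs, identity):
    """IBAC: the helper runs under an identity and may name any file; the
    check happens inside the file system, against that identity."""
    return {name: (lambda n=name: fs.read(identity, n)) for name in fs.files}


def ibac_same_identity():
    """Run the helper as alice: it inherits ALL of alice's authority."""
    fs = build_fs()
    return curious_word_counter(ibac_env(fs, "alice"))


def ibac_can_delegate(requester):
    """Can `requester` give a 'helper' identity read access to report.txt?
    Under IBAC only root can, so alice is stuck with the choice above."""
    fs = build_fs()
    try:
        fs.grant(requester, "report.txt", "helper")
        return True
    except AccessDenied:
        return False


def ibac_least_authority_via_root():
    """The IBAC way to reach least authority: root edits the ACL for a
    separate 'helper' identity, then the helper runs under that identity."""
    fs = build_fs()
    fs.grant("root", "report.txt", "helper")
    return curious_word_counter(ibac_env(fs, "helper"))


def ocap_delegation():
    """Object capabilities: alice passes the one reference she wants to
    delegate. No admin, no ACL edit, and diary.txt is simply unreachable."""
    report = FileCap("quarterly numbers look fine")
    diary = FileCap("private thoughts")      # alice keeps this; never passed on
    return curious_word_counter({"report.txt": report.read})


if __name__ == "__main__":
    print("IBAC, helper as alice:", ibac_same_identity())
    print("IBAC, alice can delegate herself:", ibac_can_delegate("alice"))
    print("IBAC, after root edits ACL:", ibac_least_authority_via_root())
    print("ocap, alice passes one cap:", ocap_delegation())
```

The point the two runs make: under the ACL model the only authority a user can confer without administrative help is her whole identity, so a helper gets everything or needs a new account and an ACL change; under the capability model the same delegation is an ordinary argument pass, which is what makes per-component least authority practical.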