[cap-talk] The Tree Laws of Security

Rob Meijer capibara at xs4all.nl
Sat Apr 3 04:18:47 PDT 2010


On Sat, April 3, 2010 01:56, Mark Miller wrote:
> Law of Integrity: An object may not injure its invariants, nor, through lack
> of defense, allow its invariants to come to harm.
>
> Law of Availability: An object must obey the messages sent to it by its
> clients, except when doing so would conflict with the integrity law.

Let's look at the concrete example that we discussed previously of
exception handling code failing to 'release' a 'claimed' resource.
The fact that the resource can be claimed and released means that it does
not fit the label 'invariant', thus apparently these 'Laws' would make
it an availability issue. I would think integrity would be about 'valid
state' rather than invariants, and the example of failure to release a
resource would, while impacting availability, primarily be an integrity
issue.

Rob
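The claimed/released resource case from the message above, as an added example that is not part of the thread: a small pool whose stated invariants keep holding after a leak on the exception path, while its ability to obey further `claim()` messages does not. All names (`Pool`, `leaky_use`, `safe_use`, `run_until_exhausted`) are hypothetical.

```python
# Added example (not from the cap-talk thread): a claimable resource whose
# stated invariants survive a leak on the exception path, while availability
# does not.

class Pool:
    """N slots that can be claimed and released."""
    def __init__(self, capacity: int):
        self.capacity = capacity
        self.claimed = set()

    def check_invariants(self) -> bool:
        # Invariants: never more claimed than capacity, only valid slot ids.
        return len(self.claimed) <= self.capacity and all(
            0 <= i < self.capacity for i in self.claimed)

    def claim(self) -> int:
        for i in range(self.capacity):
            if i not in self.claimed:
                self.claimed.add(i)
                return i
        raise RuntimeError("pool exhausted")  # cannot obey the client

    def release(self, i: int) -> None:
        self.claimed.remove(i)

def leaky_use(pool: Pool, work) -> None:
    """Claims, works, releases; the release is skipped if work raises."""
    slot = pool.claim()
    work(slot)
    pool.release(slot)

def safe_use(pool: Pool, work) -> None:
    """Same, but the release runs on every exit path."""
    slot = pool.claim()
    try:
        work(slot)
    finally:
        pool.release(slot)

def run_until_exhausted(use, capacity: int = 2, attempts: int = 3) -> dict:
    """Drive `use` with always-failing work; report what survived."""
    pool = Pool(capacity)
    def failing_work(slot):
        raise ValueError("work failed")
    exhausted = False
    for _ in range(attempts):
        try:
            use(pool, failing_work)
        except ValueError:
            pass              # the work's own failure is expected
        except RuntimeError:
            exhausted = True  # the pool can no longer honour claim()
    return {"invariants_hold": pool.check_invariants(),
            "leaked": len(pool.claimed), "exhausted": exhausted}
```

With `leaky_use` the pool ends fully leaked and refusing clients even though `check_invariants()` still returns true, which is the distinction the message draws between "invariants" and "valid state".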


