[cap-talk] Reducing Ambient user authority in a Type Safe /Memory Safe OS.
Ben Kloosterman
bklooste at gmail.com
Wed Jan 13 16:32:29 PST 2010
Hi Jonathan,
While this is undoubtedly correct, only a company like Microsoft or maybe
Apple or Google can change the behaviour of security departments with lots
of marketing and people explaining it (hundreds of books, blogs, developer
conferences etc.). If you want people to use a new more secure operating
system the best market is the high security niche which means you need to
convince the existing security people. As capability systems can do
centralized management at least you give the security departments an option
and something to think about.
Take your Walmart example: what you are trying to do is not build a Walmart
but change an existing more corrupt organization to become more honest which
is a different kettle of fish.
Regards,
Ben Kloosterman
From: cap-talk-bounces at mail.eros-os.org
[mailto:cap-talk-bounces at mail.eros-os.org] On Behalf Of Jonathan S. Shapiro
Sent: Thursday, January 14, 2010 5:00 AM
To: jamesd at echeque.com; General discussions concerning capability systems.
Subject: Re: [cap-talk] Reducing Ambient user authority in a Type Safe
/Memory Safe OS.
Relevant to this:
<http://research.microsoft.com/en-us/um/people/cormac/papers/2009/SoLongAndNoThanks.pdf>
On Sat, Dec 19, 2009 at 12:18 PM, James A. Donald <jamesd at echeque.com>
wrote:
Ben Kloosterman wrote:
> - The desire by admins (and hence organizations) to allow only
> system/security admins to approve certain functions, which may include
> installing applications in some organizations. This includes the
> centralized control of rights.
People desire what is not good for them. What they desire is that other
people are required to do certain tasks, and then required to seek
permissions to accomplish those tasks - which pretty much guarantees
that users will work to subvert security. And since the end user has
physical control of the box or the data, the end user will always
succeed. The petty bureaucrat, by maximizing his power within the
organization, undermines the organization's security.
Observe that one of the big reasons for Walmart's success is that other
big box company purchasing managers routinely accept bribes from
salesmen, while Walmart purchasers are notoriously honest.
Meeting admin desires is in this case meeting admin desire to undermine
security for personal benefit. Security mechanisms have to benefit the
person who has physical control of the data and the box on which it
resides, not the admin, or else they will always be bypassed.