[cap-talk] object-oriented-security.org

Marc Stiegler marcs at skyhunter.com
Thu Mar 4 10:52:50 PST 2010


The institutional memory has not died yet because there haven't been
enough funerals. Too many people who hold too much sway in too many
organizations still "know" that capabilities don't work. You have such
people right at Microsoft, and I have such people right here at HP.
Google, to my knowledge, is free of them, but in too many
organizations people old enough to remember CALTSS have climbed into
positions of authority, and can be severe obstacles

(unless you are able to spend months deprogramming them to the point
where they suddenly realize that they always knew that capabilities
were a good thing, and why are you bugging them about it any more
anyway? Which was how it worked out with one such high-ranked HP
technologist that markm and I worked over :-)

--marcs

On Thu, Mar 4, 2010 at 10:34 AM, Jonathan S. Shapiro <shap at eros-os.org> wrote:
> I'm curious if this institutional memory has not died by now. Capabilities,
> certainly, are back in vogue in every serious OS project that is going on
> today.
>
> On Thu, Mar 4, 2010 at 10:25 AM, Karp, Alan H <alan.karp at hp.com> wrote:
>>
>> Kenton Varda wrote:
>>
>>
>>
>> I'm very interested in hearing about problems people have encountered
>> with the term "capability-based security".  I'm not sure I see why
>> "object-capability security" is any better -- it seems like neither of these
>> terms would mean anything to someone who doesn't first understand what is
>> meant by "capability".  "Object-oriented security", on the other hand, has a
>> good chance of being correctly interpreted even by someone who has never
>> heard of capabilities.
>>
>>
>>
>> The problem is that capabilities were “discredited” in the 1970s by the
>> defense and intelligence communities.  Even though we know those criticisms
>> were incorrect, there is a community out there with the attitude that
>> capabilities don’t work.  I’ve found that I can introduce the concepts
>> without using the c-word, such as calling it authorization based access
>> control (ZBAC).  If somebody asks if that’s just capabilities, my response
>> is “Yes, if you do it right.”  Usually by that point, they’ve seen the
>> benefits and are less likely to just walk away.
>>
>>
>>
>> ________________________
>>
>> Alan Karp
>>
>> Principal Scientist
>>
>> Virus Safe Computing Initiative
>>
>> Hewlett-Packard Laboratories
>>
>> 1501 Page Mill Road
>>
>> Palo Alto, CA 94304
>>
>> (650) 857-3967, fax (650) 857-7029
>>
>> http://www.hpl.hp.com/personal/Alan_Karp
>>
>> _______________________________________________
>> cap-talk mailing list
>> cap-talk at mail.eros-os.org
>> http://www.eros-os.org/mailman/listinfo/cap-talk
>>
>
>

