[E-Lang] Java 2 "Security" (was: Re: Welcome Chris Skalka and Scott Smith of Johns Hopkins)
David Wagner
daw@mozart.cs.berkeley.edu
3 Feb 2001 02:31:17 GMT
Bill Frantz wrote:
>I think a lot of real world benefit would come from a Principle of Least
>Authority (POLA), capability based, Unix system. In this kind of system,
>the shell would automatically give each command access to all the files
>mentioned in the (expanded) command. This functionality would make
>something like:
> grep createAvatar `find . -name '*.java'`
>run in a POLA environment.
Yes, that sounds useful. (However, I don't see why this is specific
to capabilities. It seems to me to be a general security policy, that
could be implemented with capabilities, with ACLs, or with something
else entirely.)
Something very similar to your idea has been proposed before:
Nick Lai and Terence Gray, ``Strengthening discretionary access
controls to inhibit Trojan horses and computer viruses'',
Summer 1988 USENIX Conference, pp.275--286.
For a related system, see
Andrew Berman, Virgil Bourassa, Erik Selberg. ``TRON: Process-Specific
File Protection for the UNIX Operating System'', 1995 Winter USENIX Conference.
http://www.cs.washington.edu/homes/speed/tron.html
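The policy sketched in the quoted message, as an added example that is not part of the original thread and is not the mechanism of the Lai/Gray or TRON papers: a small model of a POLA shell in Python. The shell splits and glob-expands the command line, takes every operand that names an existing file as the command's authority set, and a reference monitor then checks each file open the command attempts against that set, which is exactly the check that a capability system, an ACL system or "something else entirely" could enforce. The strace-style trace lines, the sample source tree and all function names are constructed here for illustration; command substitution (the backquoted `find`) is not modelled, and the loader's own reads of shared libraries are ignored, since the shell would not derive those from argv.

```python
"""Model of a least-authority shell: authority = the files named on the expanded
command line. Added example; names, trace format and sample tree are assumptions."""
from __future__ import annotations

import glob
import os
import re
import tempfile
from pathlib import Path
import shlex


def expand(cmdline: str, cwd: str) -> list[str]:
    """Word-split and glob-expand a command line relative to cwd, as a POSIX
    shell would. Words that match nothing are kept literally (grep's pattern,
    option flags). Command substitution is not modelled."""
    words = []
    for w in shlex.split(cmdline):
        matches = sorted(glob.glob(os.path.join(glob.escape(cwd), w)))
        words.extend(os.path.relpath(m, cwd) for m in matches) if matches else words.append(w)
    return words


def authority(argv: list[str], cwd: str) -> set[str]:
    """The command's authority set: every argument after the command name that
    resolves to an existing path, canonicalised so symlinks cannot widen it."""
    allowed = set()
    for arg in argv[1:]:
        p = Path(cwd, arg)
        if p.exists():
            allowed.add(str(p.resolve()))
    return allowed


# Constructed strace-like syntax: open("path", ...) or openat(AT_FDCWD, "path", ...)
OPEN_RE = re.compile(r'^open(?:at\(AT_FDCWD,|\()\s*"([^"]+)"')


def check_trace(trace: list[str], allowed: set[str], cwd: str) -> list[tuple[str, str]]:
    """Reference monitor: for each open in the trace, 'allow' if the canonical
    path is in the authority set, otherwise 'deny'. Non-open lines are skipped."""
    verdicts = []
    for line in trace:
        m = OPEN_RE.match(line)
        if not m:
            continue
        path = str(Path(cwd, m.group(1)).resolve())
        verdicts.append(("allow" if path in allowed else "deny", path))
    return verdicts


def demo() -> dict:
    """Build a constructed tree, expand a command like the one in the thread,
    derive its authority, and check a constructed trace against it."""
    root = tempfile.mkdtemp()
    for rel in ("src/A.java", "src/B.java", "notes.txt", ".ssh/id_rsa"):
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("constructed sample content\n")

    # Stands in for: grep createAvatar `find . -name '*.java'`
    argv = expand("grep createAvatar src/*.java", root)
    allowed = authority(argv, root)

    # Constructed trace: two opens an honest grep performs, then one a
    # Trojan-horse grep might attempt. Only the named .java files are authorised.
    trace = [
        'open("src/A.java", O_RDONLY) = 3',
        'openat(AT_FDCWD, "src/B.java", O_RDONLY) = 3',
        'openat(AT_FDCWD, ".ssh/id_rsa", O_RDONLY) = 4',
    ]
    return {"argv": argv, "allowed": allowed, "verdicts": check_trace(trace, allowed, root)}


if __name__ == "__main__":
    for verdict, path in demo()["verdicts"]:
        print(verdict, path)
```

One caveat this model makes visible: the shell cannot tell a pattern from a filename, so an operand such as `createAvatar` that happened to match an existing file would be granted to the command, and a file the command legitimately needs but that is not named on the command line (a config file, say) would be denied. Inferring authority from the command line is therefore a default, not a complete policy.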