[E-Lang] Java 2 "Security" (was: Re: Welcome Chris Skalka and Scott Smith of Johns Hopkins)

David Wagner daw@mozart.cs.berkeley.edu
3 Feb 2001 02:31:17 GMT


Bill Frantz wrote:
>I think a lot of real world benefit would come from a Principle of Least
>Authority (POLA), capability based, Unix system.  In this kind of system,
>the shell would automatically give each command access to all the files
>mentioned in the (expanded) command.  This functionality would make
>something like:
>  grep createAvatar `find . -name '*.java'`
>run in a POLA environment.

Yes, that sounds useful.  (However, I don't see why this is specific
to capabilities.  It seems to me to be a general security policy, that
could be implemented with capabilities, with ACLs, or with something
else entirely.)

Something very similar to your idea has been proposed before:

Nick Lai and Terence Gray, ``Strengthening discretionary access
controls to inhibit Trojan horses and computer viruses'',
Summer 1988 USENIX Conference, pp.275--286.

For a related system, see

Andrew Berman, Virgil Bourassa, Erik Selberg. ``TRON: Process-Specific
File Protection for the UNIX Operating System'', 1995 Winter USENIX Conference. 
http://www.cs.washington.edu/homes/speed/tron.html
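A toy model of the POLA shell Bill Frantz describes, added here as an example and not part of the original thread or any of the cited systems: the shell expands the command line itself, every expanded argument that names an existing file becomes the command's authority, and the command is confined to exactly that set (which, as Wagner notes, is a policy independent of whether it is enforced with capabilities or ACLs). The glob expansion stands in for the backtick `find` in the quoted command; the directory layout, the `confined_grep` toy command and the "Trojaned grep" read are constructed for the demonstration.

```python
import glob
import os
import shlex
import tempfile

def derive_authority(cmdline, cwd):
    """Expand globs in `cmdline`; return (argv, allowed).

    Every expanded argument naming an existing file in `cwd` becomes part of
    the command's authority; the command name, flags and non-file words grant
    nothing.  Real paths defeat '..' and symlink tricks."""
    argv = []
    for word in shlex.split(cmdline):
        if any(c in word for c in "*?["):
            hits = sorted(glob.glob(os.path.join(cwd, word)))
            argv.extend(os.path.relpath(h, cwd) for h in hits)
        else:
            argv.append(word)
    allowed = {os.path.realpath(os.path.join(cwd, a))
               for a in argv[1:] if os.path.isfile(os.path.join(cwd, a))}
    return argv, allowed

def confined_grep(pattern, paths, allowed, cwd):
    """Toy grep that may open only files in `allowed`; others are refused."""
    matches, denied = [], []
    for p in paths:
        real = os.path.realpath(os.path.join(cwd, p))
        if real not in allowed:
            denied.append(p)
            continue
        with open(real) as f:
            matches.extend(f"{p}:{line.rstrip()}" for line in f if pattern in line)
    return matches, denied

def demo():
    """Constructed scenario: a Java file plus a file the command never named."""
    with tempfile.TemporaryDirectory() as cwd:
        os.mkdir(os.path.join(cwd, "src"))
        files = {"src/A.java": "void createAvatar() {}\n",
                 "secret.txt": "createAvatar password\n"}
        for name, text in files.items():
            with open(os.path.join(cwd, name), "w") as f:
                f.write(text)
        argv, allowed = derive_authority("grep createAvatar src/*.java", cwd)
        ok, _ = confined_grep(argv[1], argv[2:], allowed, cwd)  # honest run
        # A Trojaned grep tries to read a file the user never mentioned.
        _, denied = confined_grep(argv[1], ["secret.txt"], allowed, cwd)
        return {"argv": argv, "granted": len(allowed), "matches": ok, "denied": denied}
```

The honest run finds the match in `src/A.java`, while the read of `secret.txt` is refused even though the process's Unix permissions would have allowed it; that refusal is the whole benefit of deriving authority from the command line rather than from the user's identity.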