[E-Lang] Summary for Practical Programming

Tyler Close tclose@oilspace.com
Sat, 3 Feb 2001 12:35:45 -0000


David Wagner wrote:
> Tyler Close wrote:
> >It follows that everyone also agrees that the capability model is
> >theoretically sound.
>
> Can you give me a definition of what it means for a protection
> mechanism to be theoretical sound, or point me to a paper where
> such a definition is proposed?

Sorry, this was not precise enough.

By "theoretically sound" I meant that the model can enforce the
prohibitions that it expresses. Depending on the definition of an ACL
that we eventually settle on, and discussion of the defined ACL, it is
not clear yet (for me at least) that an ACL can enforce what it
expresses. In my way of speaking, something is not "sound" if it does
not fulfil the function that it claimed.

Tyler