[E-Lang] Java 2 "Security" (was: Re: Welcome ChrisSkalkaand
ScottSmith of Johns Hopkins)
Sat, 20 Jan 2001 00:40:29 -0500
"Mark S. Miller" wrote:
> In any case, security that works is vastly better than security that
> doesn't, like credit cards. I certainly agree that it's hard to learn
> anything about the difference between secure systems by studying something
> as hopelessly insecure as credit cards.
Looking at my question from the other end, isn't it always good to have
more layers of security if they are truly in different dimensions?
Suppose computational capabilities were indeed 1000 times more secure
than credit cards. But suppose the requirement was a computer system
10,000 times as secure as existing systems (one hack in 1000 years
instead of 10 hacks per year). Then I certainly would not settle for a
pure capability system. Capability systems, like all other security
models, have weak points. Maybe what I am suggesting, a combination of
capabilities with stack inspection (and other dimensions), is not needed
for everyday applications. But it could be a level of security
desirable for highly secure organizations.