the cost of complexity (was: Re: [E-Lang] Java 2 "Security" (was: Re: Welcome ChrisSkalkaand ScottSmith of Johns Hopkins))

Karp, Alan alan_karp@hp.com
Thu, 25 Jan 2001 15:34:20 -0800


> -----Original Message-----
> From: Jonathan S. Shapiro [mailto:shap@eros-os.org]
> Sent: Wednesday, January 24, 2001 9:12 AM
> To: Mark S. Miller
> Cc: zooko@mad-scientist.com; daw@cs.berkeley.edu; e-lang@eros-os.org
> Subject: Re: the cost of complexity (was: Re: [E-Lang] Java 2 "Security" (was: Re: Welcome ChrisSkalkaand ScottSmith of Johns Hopkins))
> 
>			(snip)
> 
> However, we should not neglect the possibility that there are enforceable
> policies that can be constructed more efficiently using ACLs (possibly
> assisted by capabilities) than they can be using capabilities alone. Systems
> enforcing MLS appear to be an example of such a case. Note that unlike
> preventing users from gaining access, proxies across a compartment boundary
> through a mediated interface are not possible.
> 

E-speak Beta 2.2 had negative permissions that allowed enforcement of
compartmentalization and MLS by configuring the permissions properly.
Compartmentalization was mandatory in that objects outside the compartment
appeared not to exist, but MLS was discretionary.  It was up to the object
itself to interpret the permissions and act on them correctly.

> 
> Jonathan
> 

_________________________
Alan Karp
Principal Scientist
Decision Technology Department
Hewlett-Packard Laboratories MS 1U-2
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-6278
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp/