[e-lang] A PictureBook of Secure Cooperation
fsp at info.ucl.ac.be
Wed Mar 30 11:55:36 EST 2005
On 30 Mar 2005, at 14:08, Mark Miller wrote:
> Fred Spiessens wrote:
>> I reread the slide and I see now that you mean what you said: the
>> revoker does not provide any "actual" file authority. I disagree:
>> revocation-authority should still be considered actual authority over
>> the file, as it can not only influence who can access the file but
>> indirectly also the content of the file.
> A very interesting, and somewhat counter-intuitive, consequence of our
> definition of authority. I think this shows a strength of our
> definition rather than a weakness -- the counter-intuitive issue
> highlighted here is a real issue, which is otherwise easily missed.
> However, it also makes me itch for some new distinction intermediate
> between permission and authority, in order to enable MarcS to say
> clearly and precisely what he was originally trying to say.

With "actual file authority", I assume MarcS refers to the general
effects that are caused by (transparently mediated) reading and/or
writing to that file. We could call that "use-authority over the
file", and when the mediation is not completely transparent, we could
say that the use-authority is partial. Note of course that
"use-authority over a subject" is not restricted to effects on that
subject. Use-authority over a subject is what you get if you can
(possibly indirectly) exert permissions to that subject.

The distinction is useful as long as we are aware that sometimes Bob
can have a strict superset of the use-authority over Alice without
having to use (directly or indirectly) a single permission to Alice.
Manipulating many people into doing (or not doing) things might be more
powerful an ability than the ability to do it all yourself, even when
you cannot give (direct or indirect) "orders". The revoker example
shows that use-authority over a file is not even necessary to influence
the content of the file. Of course, all authority eventually stems from
(somebody having) use-authority.

In BNF style:

authority = use-authority | meta-authority | both
use-authority = the authority to cause the effects that could also be caused by exerting permissions
meta-authority = the authority to influence authority

Researcher Software Security
Université catholique de Louvain
fsp at info.ucl.ac.be
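
The revoker example discussed in this message, as an added JavaScript sketch that is not part of the original post or of E: the caretaker pattern, with hypothetical names (makeFile, makeCaretaker, scenario, bobPermissions). Bob holds only the revoker, with no read or write permission, yet whether he revokes before Carol writes decides the file's final content.

```javascript
// Added illustration; every name here is hypothetical.

// The file itself: holding this object is use-authority (read and write).
function makeFile(initial) {
  let content = initial;
  return Object.freeze({
    read: () => content,
    write: (text) => { content = text; },
  });
}

// Caretaker pattern: the forwarder transparently mediates use of the target.
// The revoker can only cut the forwarder off; it offers no read or write.
function makeCaretaker(target) {
  let live = target;
  const use = (method, ...args) => {
    if (live === null) throw new Error('revoked');
    return live[method](...args);
  };
  const forwarder = Object.freeze({
    read: () => use('read'),
    write: (text) => use('write', text),
  });
  const revoker = Object.freeze({ revoke: () => { live = null; } });
  return { forwarder, revoker };
}

// Carol holds the forwarder (mediated use-authority) and tries to write.
// Bob holds only the revoker (meta-authority) and picks when to revoke.
// The file's owner reads the final content directly and returns it.
function scenario(bobRevokesFirst) {
  const file = makeFile('draft');
  const { forwarder, revoker } = makeCaretaker(file);
  const bob = { revoker };
  const carol = { file: forwarder };
  if (bobRevokesFirst) bob.revoker.revoke();
  try {
    carol.file.write("carol's edit");
  } catch (e) {
    // Write refused: the forwarder was already revoked.
  }
  return file.read();
}

// The complete set of permissions Bob can exert: no read, no write.
function bobPermissions() {
  return Object.keys(makeCaretaker(makeFile('')).revoker);
}
```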