[e-lang] comparing privilege separation to POLA fair?
Brett Cannon
brett at python.org
Fri Jun 22 16:05:41 EDT 2007
While doing exploratory research on refactoring for object-capabilities
my supervisor came across a paper from USENIX Security called Privtrans
(http://www.usenix.org/events/sec04/tech/brumley.html). Basically they
take C code that has been annotated and then automatically refactor it so
that the security critical and non-critical sections execute as separate
processes. This was based on Niels Provos' earlier work on manual
refactoring for privilege separation.
To me it seems like POLA enforcement but with processes acting as the
enforcer. Anyway, my supervisor and I realized that perhaps refactoring
for obj-cap (as I have brought up before) could be viewed as privilege
separation where separation was now provided by language-level module/object
boundaries rather than OS-level processes.
The question I have is whether everyone views this as a fair comparison to make.
And if so, I would like to double-check whether anyone knows of any
existing papers that make this comparison. I thought this comparison might
make a good way to stage work on refactoring for obj-cap, so people
outside the obj-cap community would understand it better.
-Brett
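As an added example (not code from this post, from Privtrans, or from E), here are the two separation strategies contrasted above applied to one privileged operation, signing with a secret key: part 1 is privilege separation in the Provos/Privtrans sense, forking the key-holding code into its own process and talking to it over a pipe, and part 2 is the same split expressed as a language-level object boundary, handing untrusted code only a bound `sign` method. The key, message, `Signer` class and function names are constructed for the demo.

```python
import hmac
import multiprocessing as mp


def _load_key() -> bytes:
    # Constructed sample key; in a real privsep design only the privileged
    # side would call this (e.g. read a root-only file).
    return b"constructed-demo-key"


def _sign(key: bytes, message: bytes) -> str:
    # The security-critical operation both designs isolate: a keyed MAC.
    return hmac.new(key, message, "sha256").hexdigest()


# 1. Privilege separation: the key lives in a forked child process; the
#    untrusted parent only ever sees "sign this" / "here is the signature".
def _privileged_worker(conn) -> None:
    key = _load_key()  # loaded here, never in the parent
    for message in iter(conn.recv, None):
        conn.send(_sign(key, message))
    conn.close()


def sign_via_process(message: bytes) -> str:
    ctx = mp.get_context("fork")  # fork, as in Provos-style privsep
    parent_end, child_end = ctx.Pipe()
    worker = ctx.Process(target=_privileged_worker, args=(child_end,))
    worker.start()
    child_end.close()  # parent keeps only its own end of the pipe
    parent_end.send(message)
    signature = parent_end.recv()
    parent_end.send(None)  # tell the worker to exit
    worker.join()
    return signature


# 2. Object-capability style: the key lives behind an object boundary and
#    untrusted code is handed only the bound `sign` method.
class Signer:
    def __init__(self, key: bytes) -> None:
        self._key = key

    def sign(self, message: bytes) -> str:
        return _sign(self._key, message)


def sign_via_capability(message: bytes) -> str:
    sign = Signer(_load_key()).sign  # all the untrusted code receives
    return sign(message)
```

The process boundary in part 1 is enforced by the OS, whereas the object boundary in part 2 only holds in a language that forbids reaching past the reference (stock Python does not: `sign.__self__._key` is reachable), which is the part that language-level refactoring for obj-cap has to supply.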