[e-lang] A broken brand?
daw at cs.berkeley.edu
Thu Mar 13 15:35:30 EDT 2008
Toby Murray writes:
>Could you expand on "like a brand ought to". Better yet, can we agree on
>a (formal) definition of the intended behaviour of a brand?
>I am uncomfortable, however, that the definition of "correct behaviour"
>here seems rather fuzzy.
Nope. I can't give you a careful, complete specification of the desired
behavior of a brand. But I would say that the behavior exposed in my
attack seems unexpected and undesirable. My intuition is that you should
only be able to get at the contents of a sealed box if you have both the
box and the unsealer, and my attack violates that intuition. Can I make
this intuition precise? Can I provide a full specification of a brand?
Nope. The intuition is indeed fuzzy. But (in my opinion) I think this
intuition is enough to conclude that my attack is a successful violation
of the security goals of a brand, even if I can't specify all of those
security goals carefully and even if I cannot fully specify the desired
behavior for a brand. Such a spec sure would be nice to have, though.
More information about the e-lang