From mboxrd@z Thu Jan 1 00:00:00 1970
To: 9fans@cse.psu.edu
From: "Douglas A. Gwyn"
Message-ID: <3BB8BCC0.CC5C9FC2@null.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
References: <20010928010622.17297199E7@mail.cse.psu.edu>, <3BB89647.BD039EE5@zip.com.au>
Subject: Re: permissions idea (Re: [9fans] on the topic of viruses)
Date: Tue, 2 Oct 2001 08:34:41 +0000
Topicbox-Message-UUID: f9e2597a-eac9-11e9-9e20-41e7f4b1d025

Matthew Hannigan wrote:
> ... perhaps we could have ...

I don't think any scheme with fixed categories of trust can suffice for heavy-duty security. Even the military (fixed) "levels" are augmented by orthogonal (freely created) "compartments" to attain better control over access.

The big problem in automating a security policy is in stopping people or programs from taking it upon themselves to circumvent the policy. The only viable solution I know of is for *every* mode of access to *every* object to require the accessor to possess an appropriate "capability". Capability-based security is an old idea, but there have been some recent developments that may make it more practical.