[Cryptography] Simpler programs?
Bill Frantz
frantz at pwpconsult.com
Fri Apr 18 23:04:32 EDT 2014
On 4/18/14 at 7:27 AM, leichter at lrw.com (Jerry Leichter) wrote:
>We've had many years of development on two broad design
>schemes: The Unix-style user/group/other model, with "user"
>being a single human's identity and all controls being
>discretionary (i.e., up to the "user", who's also the owner of
>the file); and the mandatory access control (MAC) ideas that
>came out of a military context and have seen relatively little
>use elsewhere. ACL's of various power have been around for
>years, but are rarely used. Both MAC's and ACL's have suffered
>because no one has come up with a good way for people to
>understand what they mean as actually applied to files.
>
>...
>
>We desperately need new ideas here. Unfortunately, today we
>also have the installed base problem that wasn't present when
>the current schemes were developed in the 1970's. (How did God
>create the world in only 6 days? No installed base.) Today,
>any operating system that doesn't provide either the Windows
>API's or the Unix API's is a non-starter in the back-end and
>desktop worlds. (There might be more "give" for personal
>machines, but if you don't have the weight of an Apple or a
>Google behind you, you stand little chance. Even Microsoft is
>completely outclassed here.)
Actually, there are a number of ideas which just need to be
implemented. Two offhand are the Powerbox and objects.
The Powerbox is used by an application to gain access to the
user's files. To the user, it looks just like the OS file
selection dialog which now appears. However under the covers,
the power box has access to the user's files while the
application does not. When the user selects a file for the
application, the necessary permissions for the current instance of
the application are changed and it can now open the file.
Polaris worked this way, with no changes to Windows or to the
applications. A story from the Polaris developers (Alan Karp and
Marc Stiegler): They installed Polaris on a HP Labs executive's
PC while he was out of town with a training session scheduled
immediately after he returned. Scheduling problems forced a
delay on the training. When the training session started the
executive asked, "When are you going to install it?" He had been
running it for a week.
Obviously there are more elegant ways to accomplish this goal,
but Microsoft could implement a Powerbox in the next version of
Windows. This change would be less trauma for Windows
programmers and users than the redesign of the desktop look and
feel that comes with every new release.
Objects are really an old idea. However, if properly used, they
can provide security barriers within an application. Java does a
good job here as do a number of other languages. Java lost out
in the desktop market because it took forever for the Java
Virtual Machine to initialize itself. This problem admits of
several solutions and other object languages do not have this problem.
With current object languages it takes discipline to keep
objects from accessing each other's innards. Coding standards
are something most programmers are familiar with. Enforcing them
is a somewhat solved management problem. But, you need someone
who gets information hiding in their guts to write the standards
and keep rewriting them until they are right.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz        | Concurrency is hard. 12 out of | Periwinkle
(408)356-8506      | 10 programmers get it wrong.   | 16345 Englewood Ave
www.pwpconsult.com | - Jeff Frantz                  | Los Gatos, CA 95032
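The Powerbox arrangement described in the post above, sketched as an added Python illustration (not Polaris or any project's code): the application holds no authority over the user's directory and only ever receives an already-open handle for the one file the trusted Powerbox resolves on the user's behalf, which also shows the "objects as security barriers" point. Names, the simulated selection dialog and the sample file are constructed for the example; Python enforces none of this at the OS level, so it models the design rather than providing a real sandbox.

```python
import os
import tempfile


class Powerbox:
    """Trusted component that holds authority over the user's files."""

    def __init__(self, user_dir):
        self._user_dir = os.path.realpath(user_dir)

    def choose_file(self, user_selection):
        # Stands in for the file-selection dialog: the user's choice is
        # resolved inside the trusted component, never by the application.
        path = os.path.realpath(os.path.join(self._user_dir, user_selection))
        # A selection that resolves outside the user's directory is refused.
        if os.path.commonpath([path, self._user_dir]) != self._user_dir:
            return None
        if not os.path.isfile(path):
            return None
        # The app gets an open read-only handle (a capability to one file),
        # not a path or any ambient access to the directory.
        return open(path, "rb")


class Application:
    """Untrusted code: no directory, no paths, only handles it was given."""

    def __init__(self):
        self._grants = 0  # private state; callers see it only via grants()

    def open_via_powerbox(self, powerbox, selection):
        handle = powerbox.choose_file(selection)
        if handle is None:
            return None
        with handle:
            data = handle.read()
        self._grants += 1
        return data

    def grants(self):
        return self._grants


def demo():
    # Constructed scenario: one user file, one in-range request and one
    # request that would resolve outside the user's directory.
    with tempfile.TemporaryDirectory() as user_dir:
        with open(os.path.join(user_dir, "notes.txt"), "wb") as f:
            f.write(b"meeting at noon")
        app, box = Application(), Powerbox(user_dir)
        inside = app.open_via_powerbox(box, "notes.txt")
        outside = app.open_via_powerbox(box, os.path.join("..", "elsewhere"))
        return inside, outside, app.grants()
```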