<div dir="ltr"><div class="gmail_default" style="font-family:garamond,serif"><br></div><div class="gmail_extra"><br><div class="gmail_quote">2015-02-09 17:23 GMT+01:00 Phillip Hallam-Baker <span dir="ltr"><<a href="mailto:phill@hallambaker.com" target="_blank">phill@hallambaker.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Sat, Feb 7, 2015 at 7:05 PM, Bill Frantz <span dir="ltr"><<a href="mailto:frantz@pwpconsult.com" target="_blank">frantz@pwpconsult.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">On 2/6/15 at 3:10 PM, <a href="mailto:kentborg@borg.org" target="_blank">kentborg@borg.org</a> (Kent Borg) wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
Ah, but then one would have to stop and figure out what one is trying to do...damn! Can't I just ask for Wholesome Apple Pie and be done?<br>
</blockquote>
<br>
The more I hear people talk about making thing secure, the more I hope they will explain what they mean by secure. What I mean, in the broadest sense, is "Bad Things Won't Happen". Now this is a bit over nebulous. :-)<br>
<br>
In general, we think computers should enforce a policy. But what policy? When I ask this question, the answer I generally get is, "Any policy you want". But there are many policies we can't implement with our current security mechanisms.<br>
<br>
On our home computers, my wife and my security policy is that both of us should have full ownership permissions on all of our files since the owner is the only one who can change certain meta-data, like who can access the file.. However, on our Unix based systems, a file can have only one owner. Our solution is to share accounts. As far as the computer is concerned, there is only one of us.)<br></blockquote><div><br></div></span><div>This is the wrong policy. You are never going to open those files, nor is your wife. You don't speak binary.</div><div><br></div><div>Applications are going to open those files and what matters is that one application does not go rogue.</div><div><br></div><div>We have the wrong metaphor for applications. They are not static objects, they are zombies or gollems . We can give them tasks, but their true masters are the wizards that originally brought them to life by their incantations.</div><div><br></div><div><br></div><div>Of course, I don't know of any system that would make such a policy viable.</div></div></div></div></blockquote><div><br></div><div><br></div><div><div class="gmail_default" style="font-family:garamond,serif">Unfortunately due to different circumstances that have made me have to rearrange my spare time and have made me reconsider on the forensic aspects, I'm more than a year behind schedule so the system does still not exist, but you might find my slides and speaker notes on MinorFS-2 for the general gist of how a system like that could work at the FS level.</div><div class="gmail_default" style="font-family:garamond,serif"><br></div><div class="gmail_default" style><font face="garamond, serif"><a href="http://ohm2013.capibara.com/">http://ohm2013.capibara.com/</a></font><br></div><div class="gmail_default" style><font face="garamond, serif"><br></font></div><div class="gmail_default" style>I was hoping the talk would have been available as video by now but unfortunately the video material for the whole tent+day seems to have been lost. I tried to make a video myself by narrating the slides, but I seem to have the opposite of stage fright. While I have no issues speaking before an audience, I seem unable to speak at my computer without an audience for 30+ minutes narrating the slides without messing up all the time :-(</div></div><div class="gmail_default" style><br></div><div class="gmail_default" style>The file:</div><div class="gmail_default" style><br></div><div class="gmail_default" style><a href="http://ohm2013.capibara.com/slides/ohm2013_trojans_with_notes.pdf">http://ohm2013.capibara.com/slides/ohm2013_trojans_with_notes.pdf</a><br></div><div><br></div><div><div class="gmail_default" style="font-family:garamond,serif">has gotten all the slides twice, once without and once with the speaker notes, so if you open that file and forward to slide 59 you should be able to see both the slides and notes together from there.</div><div class="gmail_default" style="font-family:garamond,serif"><br></div><div class="gmail_default" style="font-family:garamond,serif">The basic idea is that:</div><div class="gmail_default" style="font-family:garamond,serif"><br></div><div class="gmail_default" style="font-family:garamond,serif">* You provide processes with private storage at different granularity levels.</div><div class="gmail_default" style="font-family:garamond,serif">* You provide a private $TEMP to any process.</div><div class="gmail_default" style="font-family:garamond,serif">* By default, anything in the user's directory with a name that starts with a dot maps to</div><div class="gmail_default" style="font-family:garamond,serif"> user+program granularity (other mappings are possible)</div><div class="gmail_default" style="font-family:garamond,serif">* By default, non dot files and directories map to user granularity (other mappings are possible)</div><div class="gmail_default" style="font-family:garamond,serif"><br></div><div class="gmail_default" style="font-family:garamond,serif">One thing that is not in the slides is the whole user versus owner problem, but that's been discussed on this list recently, so the slides should give you a general idea. </div><div class="gmail_default" style="font-family:garamond,serif"><br></div><div class="gmail_default" style="font-family:garamond,serif">I know the file-system is only part of the rights granularity problem being locked at the level of the user account, but at least its a start.</div></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">_______________________________________________<br>
The cryptography mailing list<br>
<a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a><br>
<a href="http://www.metzdowd.com/mailman/listinfo/cryptography" target="_blank">http://www.metzdowd.com/mailman/listinfo/cryptography</a><br></blockquote></div><br></div></div>