Reliance on Microsoft called risk to U.S. security
Victor.Duchovni at morganstanley.com
Sat Sep 27 15:48:29 EDT 2003
On Sat, 27 Sep 2003, Jeroen C. van Gelderen wrote:
> I continue to believe that few users would grant an email message
> access to both the Internet and the Address Book when they are asked
> those two questions, provided that the user had not been conditioned to
> clicking "YES" in order to get any work done at all.
>
You have not met my users! This is really rather naive. Users don't
understand pop-up dialogues; they raise their stress level, and always
clicking "yes" makes the problem go away.
> There is no way around asking the user because he is the ultimate
> authority when it comes to making trust decisions. (Side-stepping the
> issues in a (corporate) environment where the owner of the machine is
> entitled to restrict its users in any way he sees fit. The point is
> that the software agent cannot make trust decisions.)
>
See above.
> > Also security is not closed under composition, two individually secure
> > components can combine to produce an insecure system. I think that no
> > such secure *non-trivial* least privilege system exists for a
> > graphical general purpose computer either in theory, or in practice.
>
> Are you familiar with the KeyKOS and EROS operating systems and/or
> Stiegler's CapDesk, a secure desktop in Java? They are all based on the
> Principle Of Least Privilege (through capabilities) and they manage to
> preserve security in the face of composition. Do you consider those
> systems to be trivial, or broken? What is the reason these systems
> cannot exist in theory or practice?
>
What fraction of "real" users will be able to use these systems? Will
users really understand the composition properties of security policies?
--
Victor Duchovni
IT Security,
Morgan Stanley
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com