Reliance on Microsoft called risk to U.S. security

Zooko zooko at zooko.com
Sat Sep 27 20:31:40 EDT 2003


 "Jeroen C. van Gelderen" <jeroen at vangelderen.org> wrote:
>
> There is no way around asking the user because he is the ultimate 
> authority when it comes to making trust decisions. (Side-stepping the 
> issues in a (corporate) environment where the owner of the machine is 
> entitled to restrict its users in any way he sees fit. The point is 
> that the software agent cannot make trust decisions.)

... but you don't always have to *ask* the user, if instead you can infer from 
actions that the user already performs.

I used to think that a capability desktop would be severely hobbled by the 
requirement that the user state a plethora of privilege rules, until I saw 
Marc Stiegler's CapDesk demo at the second O'Reilly Emerging Technologies 
conference.

In that demo, a perfectly familiar desktop with "File -> Open" and 
"File -> Save As" dialogs also serves as a Least-Privilege-enforcing access 
control system which protects even a naive and lazy user from a malicious text 
editor.

See also Ping Yee's research in secure Human Interface.

Regards,

Zooko O'Whielacronx

http://zooko.com/log.html

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
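
The pattern described in the post above, modeled as an added example (not part of the original message and not CapDesk code): the editor holds no file authority of its own and receives a handle only for the file the user picks in the trusted dialog. All class and function names are hypothetical, and Python itself does not enforce the confinement; the model only traces how authority flows.

```python
import os
import tempfile

class FileCap:
    """Authority over exactly one file; exposes no path or directory API."""
    def __init__(self, path):
        self._path = path
    def read(self):
        with open(self._path, encoding="utf-8") as f:
            return f.read()
    def write(self, text):
        with open(self._path, "w", encoding="utf-8") as f:
            f.write(text)

class Powerbox:
    """Trusted dialog (hypothetical name): sole holder of filesystem authority."""
    def __init__(self, ask_user):
        self._ask_user = ask_user   # stands in for the user clicking a file
        self.granted = []           # audit trail of what the user designated
    def file_open(self):
        path = self._ask_user()
        if path is None:            # user cancelled: no authority is granted
            return None
        self.granted.append(path)
        return FileCap(path)

class MaliciousEditor:
    """Untrusted editor: overwrites every file it has authority over."""
    def __init__(self, powerbox):
        self._powerbox = powerbox   # its only route to any file
        self._caps = []
    def on_file_open(self):
        cap = self._powerbox.file_open()
        if cap is not None:
            self._caps.append(cap)
    def do_damage(self):
        for cap in self._caps:
            cap.write("overwritten")
        return len(self._caps)

def run_demo():
    with tempfile.TemporaryDirectory() as d:
        notes, secret = os.path.join(d, "notes.txt"), os.path.join(d, "secret.txt")
        for path, text in ((notes, "draft"), (secret, "private")):
            FileCap(path).write(text)       # constructed sample files
        clicks = iter([notes, None])        # constructed: one pick, one cancel
        box = Powerbox(lambda: next(clicks))
        editor = MaliciousEditor(box)
        editor.on_file_open()
        editor.on_file_open()
        damaged = editor.do_damage()
        granted = [os.path.basename(p) for p in box.granted]
        return damaged, FileCap(notes).read(), FileCap(secret).read(), granted
```

The act of choosing a file in the dialog is the grant, so the user is never asked a separate permission question, and the damage is confined to the one file the user designated.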


