[Cryptography] North Korea and Sony

Bill Frantz frantz at pwpconsult.com
Fri Dec 12 01:15:42 EST 2014

On 12/11/14 at 12:44 PM, bear at sonic.net (Ray Dillinger) wrote:

>On 12/10/2014 05:13 PM, Bill Frantz wrote:
>>On 12/9/14 at 7:41 PM, bear at sonic.net (Ray Dillinger) wrote:
>>> We shouldn't have to work out how to PREVENT mail clients from
>>> opening executable attachments; we should be establishing legal
>>> frameworks for recovering the entirely forseeable losses from
>>> the criminally negligent entities who make mail clients which
>>> CAN!
>>More importantly, we should automatically open any program in a limited
>>authority space which limits its ability to access/change things to
>>"need to know".
>Right now there do not seem to be any capability-based secure
>Operating systems that have reached a level of development
>making them viable as real options for real companies to be
>using for everyday work.
>Could this be fixed?

Marc Stiegler, Alan H. Karp, Ka Ping Yee, and Mark Miller 
addressed this specific issue for Windows in "Polaris: Toward 
Virus Safe Computing for Windows XP", 
<http://www.hpl.hp.com/personal/Alan_Karp/polaris.pdf>. The 
basic approach (described on page 5) is to run these programs 
under a separate userID, unique to the program. It seems likely 
that their approach would extend to other popular systems.

Cheers - Bill

Bill Frantz        | I like the farmers' market   | Periwinkle
(408)356-8506      | because I can get fruits and | 16345 
Englewood Ave
www.pwpconsult.com | vegetables without stickers. | Los Gatos, 
CA 95032

More information about the cryptography mailing list