[Cryptography] Do capabilities work? Do ACLs work?
Bill Frantz
frantz at pwpconsult.com
Sat Feb 14 23:38:06 EST 2015
On 2/12/15 at 3:04 PM, frantz at pwpconsult.com (Bill Frantz) wrote:
>This is the first time anyone in this discussion has mentioned
>how you change ACLs. Access to them is, as far as I can tell,
>outside the ACL security system. Not good.

I will note in passing that capabilities can be used to
implement ACLs.[1] (Why you would want to is another question.)
If you also use capabilities to control how ACLs may be changed,
you have a principled answer to the problem of controlling that access.

My wife and I could set up our systems so we both have "owner"
control over all of our shared files. Not being able to do that
is the principal reason we share an ID and password. (Note: I'm
saying the security controls on our MacOSX system can't
implement our security policy.)

Cheers - Bill

[1] There are two published approaches to implementing ACLs with
capabilities.
<http://www.cis.upenn.edu/~KeyKOS/NanoKernel/NanoKernel.html>
describes the KeyKOS Unix implementation, which included
Unix-style ACLs. Another approach would be to use a Horton-like
system
<https://www.usenix.org/legacy/event/hotsec07/tech/full_papers/miller/miller.pdf>
to implement ACLs. I'd be glad to consult on such an effort at
my customary rates, but I'm officially retired now, and such an
effort sounds like work. :-)

-------------------------------------------------------------------------
Bill Frantz        | Re: Hardware Management Modes: | Periwinkle
(408)356-8506      | If there's a mode, there's a   | 16345 Englewood Ave
www.pwpconsult.com | failure mode. - Jerry Leichter | Los Gatos, CA 95032
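
Added example, not part of the original message and not code from KeyKOS or Horton: a small model of an ACL built from capabilities, where the right to change the ACL is itself a capability that two people can both hold. All names are hypothetical, and Python closures only stand in for unforgeable capabilities, since the language does not enforce them.

```python
class Denied(Exception):
    pass

def make_shared_file(contents):
    """Build a file whose ACL is reachable only through the returned capabilities."""
    acl = {}                      # principal name -> set of rights
    state = {"data": contents}

    def check(principal, right):
        if right not in acl.get(principal, set()):
            raise Denied(f"{principal} lacks {right!r}")

    class Owner:
        """Holding this object is the authority to change the ACL."""
        def grant(self, principal, right):
            acl.setdefault(principal, set()).add(right)
        def revoke(self, principal, right):
            acl.get(principal, set()).discard(right)

    def login(principal):
        # Assumption: only a trusted authentication service holds 'login'.
        class Facet:
            """Per-principal view; the ACL is re-checked on every call."""
            def read(self):
                check(principal, "read")
                return state["data"]
            def write(self, value):
                check(principal, "write")
                state["data"] = value
        return Facet()

    return Owner(), login

def demo():
    owner, login = make_shared_file("budget v1")   # constructed sample data
    bill_owner = spouse_owner = owner      # both hold the same owner capability
    guest = login("guest")
    bill_owner.grant("guest", "read")
    first = guest.read()
    spouse_owner.revoke("guest", "read")   # either holder can change the ACL
    try:
        guest.read()
        after_revoke = "allowed"
    except Denied:
        after_revoke = "denied"
    # The guest facet exposes no way to edit the ACL at all.
    return first, after_revoke, hasattr(guest, "grant")

if __name__ == "__main__":
    print(demo())
```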