[Cryptography] Can crypto implement OS/FS protections ?

Michael Kjörling 9bf3a7ef93bb at ewoof.net
Wed Nov 23 08:13:49 EST 2022


On 22 Nov 2022 14:56 +0000, from hbaker1 at pipeline.com (Henry Baker):
> Consider Unix/Linux read/write/execute/owner/group protections.
> 
> Wouldn't 'execute' be analogous to today's 'trusted boot' chains ?
> 
> Presumably 'owner' would be connected to a public key for the owner.
> 
> Are there crypto versions of 'group' ?

A group is just a named set consisting of some (non-negative but
possibly zero) number of specified users. So if the concept of owner
(a user) maps to a single public key, then the concept of group would
likewise map to a set of public keys any one of which is sufficient to
authorize the action in question.

As long as we ignore performance, that makes it easy: if you already
have some function authorized_for(action, identity) where action
represents some action to be taken, identity is a user's public key or
other identity-bearing token, and the return value somehow indicates
whether the action is allowed or not; then all you need is a way to
iterate over a set of values of identity until that function either
returns "allowed" or you run out of identities to try (the latter
resulting in an ultimate result of disallowed).

For proper protection you would of course want that to be an atomic
part of, for example, the I/O code path, not a separate test, but I'm
simplifying here to illustrate the possible solution given the set of
building blocks.

-- 
✍  Michael Kjörling                  🏡 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”
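
The iteration described in the message above, as an added Go example that is not part of the original post. It assumes identity is proven by an Ed25519 signature over the action string; `File`, `key`, `pub`, `sign`, `groupAuthorized`, the `read:<path>` action format and the sample path are all constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// File: constructed stand-in; owner is one public key, group is a set of them.
type File struct {
	Path, Data string
	Owner      ed25519.PublicKey
	Group      []ed25519.PublicKey
}

// key, pub and sign derive fixed, constructed demo keys from a one-byte label.
func key(n byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{n}, ed25519.SeedSize))
}
func pub(n byte) ed25519.PublicKey      { return key(n).Public().(ed25519.PublicKey) }
func sign(n byte, action string) []byte { return ed25519.Sign(key(n), []byte(action)) }

// authorizedFor reports whether sig is identity's signature over action.
func authorizedFor(action string, identity ed25519.PublicKey, sig []byte) bool {
	return len(identity) == ed25519.PublicKeySize && ed25519.Verify(identity, []byte(action), sig)
}

// groupAuthorized: first "allowed" wins; an exhausted or empty set means denied.
func groupAuthorized(action string, group []ed25519.PublicKey, sig []byte) bool {
	for _, id := range group {
		if authorizedFor(action, id, sig) {
			return true
		}
	}
	return false
}

// Read does the check inside the I/O path; the signed action names op and path.
func (f *File) Read(sig []byte) (string, error) {
	if a := "read:" + f.Path; authorizedFor(a, f.Owner, sig) || groupAuthorized(a, f.Group, sig) {
		return f.Data, nil
	}
	return "", fmt.Errorf("read %s: permission denied", f.Path)
}

func main() {
	f := &File{"/srv/notes", "hello", pub(1), []ed25519.PublicKey{pub(2)}}
	fmt.Println(f.Read(sign(2, "read:/srv/notes"))) // group member
	fmt.Println(f.Read(sign(3, "read:/srv/notes"))) // outsider
}
```

Because the signed action here carries no nonce or timestamp, a captured signature stays valid; a real request format would add a freshness value to the signed string.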


