Subject: Re: [e-lang] "Capability Myths Demolished" (was: Software security workshop)

From: Bill Frantz <frantz@pwpconsult.com> · Date: Sat, 7 Dec 2002 12:51:58 -0800

At 4:41 PM -0800 12/6/02, David Wagner wrote:
>  - the capability community has a jargon of its own that took
>    me a while to pick up (I could give dozens of examples);

Perhaps having been active in the capability community for on the order of
30 years, I'm the last one to try to grok the problems of newcomers,  but I
would like to see some examples of what terminology you consider jargon.
In many cases, making people understand the jargon is the fastest way to
get them to understand the field. daw

On a related subject, it seems to me that the model of ambient capabilities
is quite useful because,  if you can prove some security property of a
program using ambient capabilities, then you don't have to consider that
program's correctness.  You do have to consider the program's correctness
when you need to use object capabilities* in your proof.  Consider proving
that a program does not perform actions that fall into the confused deputy
category.

* Thanks Dean, for this terminology. 

Cheers - Bill marcs 

-------------------------------------------------------------------------
Bill Frantz           | Sacred cows make the   | Periwinkle -- Consulting
(408)356-8506         | tastiest hamburgers.   | 16345 Englewood Ave.
frantz@pwpconsult.com |         - David Wagner | Los Gatos, CA 95032, USA

_______________________________________________
e-lang mailing list
e-lang@mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/e-lang