RE: Design principles and ethics
From: Christopher Nelson
Subject: RE: Design principles and ethics
Date: Wed, 3 May 2006 12:16:09 -0600
> > > > If I know that no one can examine AND MODIFY my data, then I can
> > > > make assumptions regarding the legitimacy of that data.
> > >
> > > But you do. We have a protected capability system. It's your data,
> > > and you're the only one who has access to it.
> > > This data cannot have been "stolen"
> > > without you (probably by accident) giving away this capability (or
> > > copying the data to where someone else can read it).
> >
> > No, you DON'T. This is my point: because your parent has all rights
> > to you, you can make no guarantees about your parent, or your parent's
> > parent. Which means that you do *not* have any idea about who is in
> > the communication chain.
>
> Ah, you're confusing yourself with a process. The user
> session is a direct child of the primary space bank. The
> system design guarantees that
> - The primary space bank will not disclose its contents
> - The session itself (which is also part of the TCB) will not give out any
>   capabilities to its space bank (but only to newly created
>   subspacebanks).
> The user's shell is a direct child of the session. No
> process is going to spy on that shell. The user interacts
> with the system through this shell. There is no danger of spying.
So the basic security argument that is being made is that:
A) There is a set of programs (services) that are under no one's
authority; these constitute the TCB.
B) There is a primordial arena that is opaque to everyone, from whence a
user session is generated.
C) The user has complete control of their own session, which means the
implicit ability to examine and/or change all code and data to which the
session has access.
Is this correct?
-={C}=-
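As an added illustration (not code from this list or from the system under discussion), a toy Python model of the parent-chain argument above; every name in it (SpaceBank, Page, build_scenario) is invented here. It exercises the three points in one run: the primary bank and the session can examine and modify the shell's page, a sibling session cannot, and the shell holds no capability back toward its parents.

```python
class SpaceBank:
    """Hands out storage; holding this object stands in for holding the capability."""

    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent

    def create_subbank(self, name):
        # The child receives only the new sub-bank, never a capability back
        # to its parent, so authority flows strictly downward.
        return SpaceBank(name, parent=self)

    def alloc(self, data):
        return Page(self, bytearray(data))

    def is_ancestor_of(self, other):
        # Walk up other's parent chain; a bank counts as its own ancestor.
        while other is not None:
            if other is self:
                return True
            other = other.parent
        return False


class Page:
    """Storage owned by a bank, usable by it and by every bank above it."""

    def __init__(self, bank, data):
        self.bank = bank
        self._data = data

    def _check(self, holder):
        if not holder.is_ancestor_of(self.bank):
            raise PermissionError(f"{holder.name} holds no capability to this page")

    def read(self, holder):
        self._check(holder)
        return bytes(self._data)

    def write(self, holder, data):
        self._check(holder)
        self._data[:] = data


def build_scenario():
    """Primary bank -> Alice's session -> Alice's shell, plus Bob's session (constructed)."""
    primary = SpaceBank("primary")                    # the opaque TCB root
    session = primary.create_subbank("session-alice")
    shell = session.create_subbank("shell-alice")
    other = primary.create_subbank("session-bob")     # a sibling, not an ancestor
    page = shell.alloc(b"secret")                     # the shell's private data
    return primary, session, shell, other, page
```

The model is only the authority relation; it says nothing about whether the root and session actually behave, which is exactly why the thread places them in the TCB.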