summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--security.mdwn33
1 files changed, 33 insertions, 0 deletions
diff --git a/security.mdwn b/security.mdwn
index 1bdc8c34..ae925f74 100644
--- a/security.mdwn
+++ b/security.mdwn
@@ -25,3 +25,36 @@ Alan Karp [identifies][1] 11 security questions:
* Denial of service Can I be assured of access?
* Physical security Who can touch it?
+
+Mark Miller [proposes][2] some ways to think about security relationships:
+
+ [2]: http://www.eros-os.org/pipermail/cap-talk/2008-March/010615.html
+
+A way to talk about security relationships
+
+Permissions channels (necessarily overt in a sensible system) are phisical:
+
+ * Alice gives Bob a car or a car key.
+
+Online overt information channels are visual:
+
+ * Bob can see Carol. Bob can see Carol's car.
+ * (Potential, transitive) overt connectivity is line of sight.
+ * Lack of overt connectivity (including revocation) is occlusion.
+ * Alice tells the Caretaker to turn opaque, blocking Bob's view of Carol.
+
+Offline overt channels are visual but indirect:
+
+ * Bob can see that Kilroy was here.
+
+Online non-overt channels (both covert & side) are auditory:
+
+ * Bob can hear Carol (e.g., hear Carol banging on the wall)
+ * Alice tries to silence (or mute) Carol
+ * Alice deafens Bob (or creates a deaf Bob)
+ * In order for Bob to hear Carol's wall banging, Bob and Carol,
+ must be awake at the same time
+
+Offline non-overt channels are olfactory:
+
+ * Bob can smell that Kilroy was here, even if Kilroy is asleep or dead.