From 9eea5cbf29c007d200ade4658e2c3866997049eb Mon Sep 17 00:00:00 2001 From: GNU Hurd wiki engine Date: Thu, 27 Mar 2008 18:00:25 +0000 Subject: web commit by NealWalfield --- security.mdwn | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) (limited to 'security.mdwn') diff --git a/security.mdwn b/security.mdwn index 1bdc8c34..ae925f74 100644 --- a/security.mdwn +++ b/security.mdwn @@ -25,3 +25,36 @@ Alan Karp [identifies][1] 11 security questions: * Denial of service Can I be assured of access? * Physical security Who can touch it? + +Mark Miller [proposes][2] some ways to think about security relationships: + + [2]: http://www.eros-os.org/pipermail/cap-talk/2008-March/010615.html + +A way to talk about security relationships + +Permissions channels (necessarily overt in a sensible system) are phisical: + + * Alice gives Bob a car or a car key. + +Online overt information channels are visual: + + * Bob can see Carol. Bob can see Carol's car. + * (Potential, transitive) overt connectivity is line of sight. + * Lack of overt connectivity (including revocation) is occlusion. + * Alice tells the Caretaker to turn opaque, blocking Bob's view of Carol. + +Offline overt channels are visual but indirect: + + * Bob can see that Kilroy was here. + +Online non-overt channels (both covert & side) are auditory: + + * Bob can hear Carol (e.g., hear Carol banging on the wall) + * Alice tries to silence (or mute) Carol + * Alice deafens Bob (or creates a deaf Bob) + * In order for Bob to hear Carol's wall banging, Bob and Carol, + must be awake at the same time + +Offline non-overt channels are olfactory: + + * Bob can smell that Kilroy was here, even if Kilroy is asleep or dead. -- cgit v1.2.3