Secure Coding mailing list archives
Re: Microsoft SDL report card
From: Ben Laurie <benl () google com>
Date: Tue, 3 May 2011 15:16:41 +0100
On 18 April 2011 18:46, Andy Steingruebl <steingra () gmail com> wrote:
> On Fri, Apr 15, 2011 at 7:33 AM, Ben Laurie <benl () google com> wrote:
>> Which is why I am interested in and devoting most of my time now to capability systems.
>
> Ben, is your work focused on the technical bits of this, or the human interaction pieces?

In short: both.

> Seems to me that much of the work on technical implementations of capabilities, fine-grained permissions, MAC, etc. has been worked out repeatedly over time and we've never come up with very usable systems. Or ones that stay usable over time....

I would contend that actually, we haven't really ever tested usability because we've never really used these systems except in the lab. One of the things I'm excited about in our recent work is that we've started to make progress on hybrid models where capability stuff can coexist with existing stuff. For example, Caja and FreeBSD Capsicum.

> Try setting the permissions for an application when you install it, or figure out whether it is asking for more permissions than it really needs, etc?

The underlying problem with these questions right now is that permissions are expressed in terms of low-level system services (e.g. file read/write), but actually we should be making decisions at higher levels where the permissions correspond to things the user understands (e.g. "my account at Google" or "my Flickr photos" or "this album in Picasa"). Capabilities seem well suited to this level of permission management.

> Thoughts? - Andy
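
The user-level permission described in the reply above (access to "this album" rather than to file read/write), sketched as an added example that is not part of the original thread and does not use Caja's API. It uses plain JavaScript object-capability patterns; the photo store, album names and function names are hypothetical and the data is constructed.

```javascript
// Constructed sample data; every name below is hypothetical.
function makePhotoStore() {
  const albums = new Map([
    ['holiday', ['beach.jpg', 'sunset.jpg']],
    ['tax-docs', ['return-2010.png']],
  ]);
  // A capability to ONE album: its holder has no way to name any other album.
  function albumCap(name) {
    const photos = albums.get(name);
    if (!photos) throw new Error('no such album');
    return Object.freeze({
      list: () => photos.slice(),          // copy, so callers cannot mutate storage
      add: (file) => { photos.push(file); },
    });
  }
  return Object.freeze({ albumCap });
}

// Attenuation: derive a weaker capability that exposes only list().
function readOnly(cap) {
  return Object.freeze({ list: () => cap.list() });
}

// Revocation: a forwarder that the grantor can switch off later.
function revocable(cap) {
  let target = cap;
  const guard = (method) => (...args) => {
    if (target === null) throw new Error('capability revoked');
    return target[method](...args);
  };
  const proxy = {};
  for (const m of Object.keys(cap)) proxy[m] = guard(m);
  return { cap: Object.freeze(proxy), revoke: () => { target = null; } };
}

// A third-party "slideshow app": it receives only what the user hands it.
function slideshowApp(album) {
  return album.list().map((f) => `showing ${f}`);
}

function demo() {
  const store = makePhotoStore();          // held by the user, never by the app
  const grant = revocable(readOnly(store.albumCap('holiday')));
  const shown = slideshowApp(grant.cap);   // works: read access to one album
  const canWrite = typeof grant.cap.add === 'function';
  grant.revoke();                          // user withdraws the grant
  let afterRevoke;
  try { slideshowApp(grant.cap); afterRevoke = 'still works'; }
  catch (e) { afterRevoke = e.message; }
  return { shown, canWrite, afterRevoke };
}
```

The decision the user makes is "let the slideshow read my holiday album", and the object handed over carries exactly that authority: no write method, no path to `tax-docs`, and a revoke switch kept by the grantor.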