Re: Microsoft ammunition
At 12:49 PM 3/28/97 -0800, Bill Frantz wrote:
Whether your personal files are stored on a local disk or on a server doesn't matter. What matters is whether random downloaded code (again, Java or ActiveX doesn't matter) can use your authority to read/modify those files. The ActiveX model of, "It's signed by XYZ Corp. Of course it's safe." is so much bullshit.* The Java approach of running untrusted code in a safe box is better, but doing it by validating the safety of object code requires trusting a large complex verifier.
JavaSoft has moved in the right direction. Their JECF is largely capabilities based and in fact, Java security in general is moving towards capabilities. That won't help you against attacks via the underlying insecure OS, such as Windows 95/NT, MacOS, or UN*X which the typical user will be running, but it is miles ahead of the initial sandbox model.
* See Norm Hardy's paper, "The Confused Deputy", which I believe is still available through the EROS page at the University of Pennsylvania.
It was a talk by Norm that made me see the light. Secure computing requires capabilities. And there is anecdotal evidence that it was Norm who indirectly pointed JavaSoft to the solution to their leaking sandbox problem. Time for my usual plug: if you are unfamiliar with capabilities based operating systems or don't know why they are the only currently available solution to a whole host of computer security problems, do a search for "KeyKOS". It should get you started.

--
Lucky Green mailto:shamrock@netcom.com
PGP encrypted mail preferred

"I do believe that where there is a choice only between cowardice and violence, I would advise violence." Mahatma Gandhi
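An added illustration of the point above about downloaded code using your authority, in the spirit of Hardy's confused deputy; this is not code from either message. The file store, the ACL and the principals "alice" and "compiler" are all constructed here: a service that opens paths named by its caller under its own authority can be steered at any file it may write, while a service that only accepts a handle the caller already holds cannot.

```python
# Simulated file store with a tiny ACL: which principal may write which file.
FILES = {}
ACL = {"billing.log": {"compiler"}, "out.txt": {"compiler", "alice"}}

def reset():
    FILES.clear()
    FILES.update({"billing.log": "", "out.txt": ""})

class WriteHandle:
    """A capability: holding one is the only way to append to a file."""
    def __init__(self, name):
        self._name = name
    def write(self, data):
        FILES[self._name] += data

def open_for_write(principal, name):
    """Ambient-authority open: the check is against the caller's own ACL entry."""
    if principal not in ACL.get(name, set()):
        raise PermissionError(f"{principal} may not write {name}")
    return WriteHandle(name)

def compile_ambient(source, output_name):
    """Confused deputy: the service opens whatever path the caller names,
    using the service's authority, so the caller's rights are never consulted."""
    out = open_for_write("compiler", output_name)
    out.write(source.upper())

def compile_capability(source, out):
    """Capability style: the caller passes a handle it already holds; the
    service never names files, so it cannot be tricked into opening one."""
    out.write(source.upper())

def demo():
    """Returns (billing_clobbered_by_ambient, capability_request_denied, out_txt)."""
    reset()
    # alice names the billing file; the ambient deputy obediently writes it.
    compile_ambient("x", "billing.log")
    clobbered = FILES["billing.log"] != ""
    # With capabilities alice must open billing.log herself, and the ACL says no.
    try:
        compile_capability("x", open_for_write("alice", "billing.log"))
        denied = False
    except PermissionError:
        denied = True
    # The legitimate path still works: alice holds a handle to her own file.
    compile_capability("x", open_for_write("alice", "out.txt"))
    return clobbered, denied, FILES["out.txt"]
```

Patching the ambient version means re-checking the caller's rights inside every such service, which is the kind of large, easily-forgotten verification the capability design avoids.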
At 7:58 PM -0800 3/29/97, Lucky Green wrote:
At 12:49 PM 3/28/97 -0800, Bill Frantz wrote:
Time for my usual plug: if you are unfamiliar with capabilities based operating systems or don't know why they are the only currently available solution to a whole host of computer security problems, do a search for "KeyKOS". It should get you started.
Lucky - Thanks for your kind words. And for my usual plug: Those interested in KeyKOS ideas in a system which runs on "PC Compatible" hardware should look at Jonathan Shapiro's EROS system being developed at the University of Pennsylvania.

-------------------------------------------------------------------------
Bill Frantz       | Back from caving in Borneo. | Periwinkle -- Consulting
(408)356-8506     | Great caves. We mapped      | 16345 Englewood Ave.
frantz@netcom.com | 25KM on the expedition.     | Los Gatos, CA 95032, USA