DOI: 10.5555/1361419.1361421

Delegating responsibility in digital systems: Horton's "who done it?"

Published: 07 August 2007

Abstract

Programs do good things, but also do bad, making software security more than a fad. The authority of programs, we do need to tame. But bad things still happen. Who do we blame?
From the very beginnings of access control: Should we be safe by construction, or should we patrol? Horton shows how, in an elegant way, we can simply do both, and so save the day.

Cited By

  • (2010) Object views. Proceedings of the 19th international conference on World wide web, pp. 721-730. DOI: 10.1145/1772690.1772764. Online publication date: 26-Apr-2010


Published In

HOTSEC'07: Proceedings of the 2nd USENIX workshop on Hot topics in security
August 2007
52 pages

Publisher: USENIX Association, United States
