From: Nick Roberts <nick.roberts@acm.org>
Subject: Re: For the AdaOS folks
Date: Wed, 5 Jan 2005 00:02:46 +0000
Date: 2005-01-05T00:02:46+00:00 [thread overview]
Message-ID: <gemini.i9thgm00phazo00dc.nick.roberts@acm.org> (raw)
In-Reply-To: LxCCd.6991$7n1.526382@news20.bellglobal.com
"Warren W. Gay VE3WWG" <ve3wwg@NoSPAM.cogeco.ca> wrote:
> Dmitry A. Kazakov wrote:
> > But the only need in firewall is the policy of trusting behind it.
>
> That is all I need to keep you from messing with my files ;-)
I think I side with Dmitry on this one.
When reading a variety of authoritative documents, papers, and books on the
subject of computer security, one of the basic principles they all espouse
is that of 'minimum necessary privilege'. In other words, access is denied
by default, of every object (file, database table, etc.) to every subject
(person, program). Access is granted between an object and a subject only
when these is a specific need.
Okay, I think this principle needs to be taken as a guideline, rather than a
strict rule. It's not likely to be practical on a very fine-grained, highly
dynamic level. Nevertheless, I intend to make the security mechanisms
capable of supporting this principle, to a reasonable degree, and to make
the default security policies implement it.
In practice, that means that, for example, when a user creates a new file
(and saves it), the new file is, by default, inaccessible to (and invisible
to) all other unprivileged users.
By the same token, I intend to make it easy to deliberately share things.
For example, a user can create a kind of directory or folder called a 'file
group', share the group with others users (by simple drag-and-drop), and
then make a file part of the group (also by simple drag-and-drop). The other
users can then see and access the file. The group can be made a 'read-only'
type or a 'full access' type.
When somebody uses an internet service in AdaOS, they do so with a certain
'role' of a certain user. This restricts their privileges (to that role of
that user). If that role is not permitted to access a file, the user of the
internet service is not, either. Of course, typically, things will be
arranged to permit minimum necessary access by internet services. For
example, a web server will be permitted to access the files (and other data)
which make up a web site, but nothing else.
The necessity for a separate firewall seems to be obviated by this
arrangement. The whole system is acting as a big firewall in itself. In
particular, AdaOS will not have any holes or back doors in its security. The
security mechanisms will be hermetically sealed. (This may be somewhat in
contrast to other operating systems.)
--
Nick Roberts
next prev parent reply other threads:[~2005-01-05 0:02 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-12-27 5:09 For the AdaOS folks Wes Groleau
2004-12-27 10:56 ` Florian Weimer
2004-12-27 12:50 ` Georg Bauhaus
2004-12-27 13:12 ` Florian Weimer
2004-12-28 1:18 ` Wes Groleau
2004-12-27 13:46 ` Adrien Plisson
2004-12-27 16:28 ` Georg Bauhaus
2004-12-28 6:19 ` Microkernels & Ada (Was for the AdaOS folks) Warren W. Gay VE3WWG
2004-12-28 12:02 ` Adrien Plisson
2004-12-28 15:28 ` Warren W. Gay VE3WWG
2004-12-30 1:19 ` For the AdaOS folks Nick Roberts
2004-12-30 13:58 ` Warren W. Gay VE3WWG
2004-12-30 15:27 ` Dmitry A. Kazakov
2004-12-30 16:30 ` Warren W. Gay VE3WWG
[not found] ` <otb8t09dkjh54e1k5s5ccn23ggkqk6ndui@4ax.com>
2004-12-30 19:06 ` OT: Mach Ports (For the AdaOS folks) Warren W. Gay VE3WWG
2004-12-31 10:03 ` For the AdaOS folks Dmitry A. Kazakov
2004-12-31 11:30 ` Warren W. Gay VE3WWG
2004-12-31 12:31 ` Dmitry A. Kazakov
2004-12-31 16:24 ` Warren W. Gay VE3WWG
2004-12-31 17:57 ` Marven Lee
2004-12-31 18:40 ` Warren W. Gay VE3WWG
2004-12-31 19:22 ` Warren W. Gay VE3WWG
2005-01-02 15:09 ` Marven Lee
2005-01-02 20:06 ` Luke A. Guest
2005-01-03 3:13 ` Warren W. Gay VE3WWG
2005-01-03 6:40 ` Luke A. Guest
2005-01-03 10:30 ` Marven Lee
2005-01-03 15:52 ` Warren W. Gay VE3WWG
2005-01-03 16:48 ` Ad Buijsen
2005-01-03 18:49 ` Warren W. Gay VE3WWG
2005-01-03 13:43 ` Marven Lee
2005-01-04 23:36 ` Nick Roberts
2005-01-03 16:22 ` Warren W. Gay VE3WWG
2005-01-04 23:16 ` Nick Roberts
2005-01-05 3:48 ` Warren W. Gay VE3WWG
2005-01-05 13:14 ` Nick Roberts
2005-01-01 12:53 ` Dmitry A. Kazakov
2005-01-02 0:31 ` Warren W. Gay VE3WWG
2005-01-02 11:50 ` Dmitry A. Kazakov
2005-01-02 22:04 ` Warren W. Gay VE3WWG
2005-01-03 10:30 ` Dmitry A. Kazakov
2005-01-03 16:36 ` Warren W. Gay VE3WWG
2005-01-03 17:05 ` Dmitry A. Kazakov
2005-01-03 19:01 ` Warren W. Gay VE3WWG
2005-01-03 19:55 ` Dmitry A. Kazakov
2005-01-03 20:44 ` Warren W. Gay VE3WWG
2005-01-04 0:02 ` Randy Brukardt
2005-01-04 17:44 ` Warren W. Gay VE3WWG
2005-01-04 20:14 ` Nick Roberts
2005-01-04 9:59 ` Dmitry A. Kazakov
2005-01-04 18:00 ` Warren W. Gay VE3WWG
2005-01-04 19:07 ` Dmitry A. Kazakov
2005-01-04 19:57 ` Warren W. Gay VE3WWG
2005-01-05 0:02 ` Nick Roberts [this message]
2005-01-05 4:37 ` Warren W. Gay VE3WWG
2005-01-05 18:54 ` Nick Roberts
2005-01-05 20:04 ` Warren W. Gay VE3WWG
2005-01-06 0:32 ` Nick Roberts
2005-01-06 1:29 ` Wes Groleau
2005-01-06 11:03 ` Dmitry A. Kazakov
2005-01-05 9:39 ` Dmitry A. Kazakov
2005-01-05 11:20 ` Warren W. Gay VE3WWG
2005-01-05 12:18 ` Dmitry A. Kazakov
2005-01-05 14:39 ` Warren W. Gay VE3WWG
2005-01-05 17:16 ` zest_fien
2005-01-05 19:44 ` Larry Kilgallen
2005-01-04 20:09 ` Nick Roberts
2005-01-05 10:19 ` Dmitry A. Kazakov
2005-01-05 18:33 ` Nick Roberts
2005-01-05 20:15 ` Dmitry A. Kazakov
2004-12-31 18:47 ` Nick Roberts
2004-12-31 20:36 ` Warren W. Gay VE3WWG
2005-01-04 18:22 ` Nick Roberts
2005-01-05 5:12 ` Warren W. Gay VE3WWG
2005-01-05 18:02 ` Nick Roberts
2005-01-05 19:55 ` Warren W. Gay VE3WWG
2005-01-06 0:57 ` Nick Roberts
2005-01-06 2:34 ` Warren W. Gay VE3WWG
-- strict thread matches above, loose matches on Subject: below --
2005-01-05 12:14 Mike Brenner
2005-01-05 18:04 ` Warren W. Gay VE3WWG
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox