papers-we-love / portland

Papers We :heart: Portland

[Paper Suggestion] Capability Myths Demolished #17

Closed bgins closed 8 months ago

bgins commented 10 months ago

Paper Suggestion

Content Summary

We address three common misconceptions about capability-based systems: the Equivalence Myth (access control list systems and capability systems are formally equivalent), the Confinement Myth (capability systems cannot enforce confinement), and the Irrevocability Myth (capability-based access cannot be revoked). The Equivalence Myth obscures the benefits of capabilities as compared to access control lists, while the Confinement Myth and the Irrevocability Myth lead people to see problems with capabilities that do not actually exist.

The prevalence of these myths is due to differing interpretations of the capability security model. To clear up the confusion, we examine three different models that have been used to describe capabilities, and define a set of seven security properties that capture the distinctions among them. Our analysis in terms of these properties shows that pure capability systems have significant advantages over access control list systems: capabilities provide much better support for least-privilege operation and for avoiding confused deputy problems.

jdavisp3 commented 10 months ago

@bgins I think we'd like to read this one next -- would you be willing to host? I sent you a LinkedIn connect. Could you also join https://www.meetup.com/papers-we-love-pdx/events/drafts/ as a member so we could add you as a host for that event?

bgins commented 10 months ago

> @bgins I think we'd like to read this one next -- would you be willing to host? I sent you a LinkedIn connect. Could you also join https://www.meetup.com/papers-we-love-pdx/events/drafts/ as a member so we could add you as a host for that event?

Yeah, I would be up for hosting this one! Accepted the LinkedIn invite, and I'm in the Meetup group.