Abstract | ||
---|---|---|
I want to start with some thoughts that popped into my mind after Babak’s talk.
The obvious approach – which I am going to claim is not the right one – is shown in Figure 1. You have, in your model of your
system, the set of all the possible states that you think it could get in to, based on what people can actually do. And then you’ve got a subset of those, that
you think are the permissible states, which are the ones that you’re happy about the system being in. And the auditors are happy with them, the shareholders
are happy with them, but then there’s these other states that you might get into but don’t want to be in. And you’ve got an
outer protection perimeter round the possible states, you’re saying you can’t get outside that outer perimeter but you might
get outside this inner perimeter round the permissible states, and you want to protect yourself when you do, and then you’ve
got some sort of audit function.
|
Year | DOI | Venue |
---|---|---|
1999 | 10.1007/10720107_8 | Security Protocols Workshop |
Keywords | Field | DocType |
impossible abstractions | Virtual machine,Abstraction,Audit,Cryptographic protocol,Computer science,Computer security,Security policy | Conference |
Volume | ISSN | ISBN |
1796 | 0302-9743 | 3-540-67381-4 |
Citations | PageRank | References |
1 | 0.39 | 1 |
Authors | ||
1 |
Name | Order | Citations | PageRank |
---|---|---|---|
Bruce Christianson | 1 | 15 | 8.58 |