[langsec-discuss] Is computation half the story?
havoc at defuse.ca
Sun Apr 5 09:08:08 UTC 2015
On 04/01/2015 08:57 PM, Matt DeMoss wrote:
> Have you seen the paper, "Towards a Theory of Application
> Compartmentalisation?" The protocol-centered approach taken there jibes
> well with what you wrote about "informational ability."
Thanks for that reference. It looks like a promising start.
It will be interesting to see what comes of the distributed systems
analogy. My intuition says that it might still be too much abstraction,
and the paper hints at that by showing there are many ways to slice up a
Something I noticed while reading it was how security jargon hides
what's actually, mathematically, going on. Words like "trust",
"vulnerability", "malicious input" have their intuitive meanings to us
but are hard to define (let alone quantify) and reason about. That's one
reason I think it's worthwhile to try putting security on the sidelines
to find a more fundamental model.
More information about the langsec-discuss