On Feb 13, 2018 I do not know where the following text came from.
I think it is not mine.
Sounds like meeting notes.
focus on program to program security
- rather than the interface to human beings
spectrum
- prevention system
- confusion, security policy
- permission system (admonition and deterrence)
Impossibilities
- copy protection
- copyright
- non-delegation
- proscribed usage of authorities
- scarce rights w/o a fixed rendezvous point
- without tamper-proof boxes
- norm may have a proof
- tamperproof software running on unprotected hardware
- can’t verify your context - are you a brain in a vat?
- deterministic systems cannot generate true randomness
- confining outwards bits is extremely difficult
- resisting denial of service attacks, except in constrained circumstances
Fundamental Requirements
- must have a trusted computing base for any security
- must have a shared secret for private communication
- must have mutual trust in something for private communication
- for scarce rights transfer, there must be mutual trust in a 3rd party
- synergy requires a trusted third party
- no: diffie hellman, dining cryptographers
- establishing trust requires synergy??
possibilities
- confinement
- confinement of capabilities in spite of information leak
- capabilities can be rescinded
- security proofs are about closures
- synergy potentials and management
- true delegation - unconfused delegation
- delegation can only transfer capabilities subject to rescinding of the delegator’s resources
- if the confined computation is in a deterministic compartment, then bits coming in cannot cause a hole
- once the non-deterministic inputs are noted, then they can be evaluated for wall banging holes.
- deterministic processes can be run in the excess resources allocated to prevent wall banging by a non-deterministic job
limits we leverage
- enforced rules
- real time
- computational feasibility
- unguessable randomness
- verifiable guesses
- unverifiable guesses - one-time pad
- money
other items
- distinguish things that are merely computationally infeasible
- can you replace all capabilities with crypto?
- can you replace all crypto with capabilities?
- ways of getting assurance
- construction
- verification
- examination
- quantum computing for breaking computing
- assaults computational feasibility, unguessable randomness
- quantum crypto
- security policy
- only have elements which are either prevention or admonition
- security user model
- capabilities separate which authority distinctions to make from who gets the distinct authorities
- capabilities have compositional properties
- any disjoint partition of objects relates only through capability rules
- security
- perimeter security (applets, firewalls)
- interactional security
- capabilities
- os
- language
- crypto
- hardware
- ACLs
- issues within a level of abstraction vs issues between levels of abstraction
- microwave attacks
- covert bits out/performance
- transducing covert bits
- radio noise/tempest
- nukes --> impossible to resist denial of service