On Feb 13, 2018 I do not know where the following text came from. I think it is not mine. Sounds like meeting notes.

---

focus on program to program security

• rather than the interface to human beings

spectrum

• prevention system
• confusion, security policy
• permission system (admonition and deterrence)

Impossibilities

• copy protection
• copyright
• non-delegation
  • enforcing use as roles
• proscribed usage of authorities
• scarce rights w/o a fixed rendezvous point
  • without tamper-proof boxes
  • norm may have a proof
• tamperproof software running on unprotected hardware
• can’t verify your context - are you a brain in a vat?
• deterministic systems cannot generate true randomness
• confining outwards bits is extremely difficult
• resisting denial of service attacks, except in constrained circumstances

Fundamental Requirements

• must have a trusted computing base for any security
• must have a shared secret for private communication
• must have mutual trust in something for private communication
  • except public key
• for scarce rights transfer, there must be mutual trust in a 3rd party
• synergy requires a trusted third party
  • no: diffie hellman, dining cryptographers
• establishing trust requires synergy??

possibilities

• confinement
• confinement of capabilities in spite of information leak
• capabilities can be rescinded
• security proofs are about closures
• synergy potentials and management
• true delegation-unonfused delegation
• delegation can only transfer capabilities subject to rescinding of the delgator’s resources
• if the confined computation is in a deterministic compartment, then bits coming in cannot cause a hole
  • once the non-deterministic inputs are noted, then they can be evaluated for wall banging holes.
  • deterministic processes can be run in the excess resources allocated to prevent wall banging by a non-deterministic job

limits we leverage

• enforced rules
• real time
• computational feasibility
• unguessable randomness
  • verifiable guesses
  • unverifiable guesses - one-time pad
• money

other items

• distinguish things that are merely computationally infeasible
• can you replace all capabilities with crypto?
• can you replace all crypto with capabilities
• ways of getting assurance
  • construction
  • verification
  • examination
• quantum computing for breaking computing
  • assaults computational feasibility, unguessable randomness
• quantum crypto
• security policy
  • only have elements which are either prevention or admonition
• security user model
• capabilities separate which authority distinctions to make from who gets the distinct authorities
• capabilities have a compositional properties
• any disjoint partition of objects relates only through capability rules
• security
  • perimeter security (applets, firewalls)
  • interactional security
    • capabilities
      • os
      • language
      • crypto
      • hardware
    • ACLs
• issues within a level of abstraction vs issues between levels of abstraction
• microwave attacks
• covert bits out/performance
• transducing covert bits
• radio noise/tempest
• nukes --> impossible to resist denial of service