On 04/01/2015 08:57 PM, Matt DeMoss wrote: > Have you seen the paper, "Towards a Theory of Application > Compartmentalisation?" The protocol-centered approach taken there jibes > well with what you wrote about "informational ability." >
Thanks for that reference. It looks like a promising start. It will be interesting to see what comes of the distributed systems analogy. My intuition says that it might still be too much abstraction, and the paper hints at that by showing there are many ways to slice up a program. Something I noticed while reading it was how security jargon hides what's actually, mathematically, going on. Words like "trust", "vulnerability", "malicious input" have their intuitive meanings to us but are hard to define (let alone quantify) and reason about. That's one reason I think it's worthwhile to try putting security on the sidelines to find a more fundamental model. -Taylor _______________________________________________ langsec-discuss mailing list langsec-discuss@mail.langsec.org https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
