Thank Goodness For the NSA — A Fable 60
davecb writes "Slaw was kind enough to post my fable on how to not have a problem with the NSA, Thank Goodness for the NSA, and a link to the more technical MAC paper. My challenge to the Slashdot community: what's the first big step to making this all come true?"
Capability Based Security (Score:4, Interesting)
So, what these articles are both calling for is Capability Based Security, in which you feed a list of resources to the OS when you run a program. This has the pleasant and reasonable effect of limiting the side effects a program can do, and protects the user, the operating system, and everyone else on the internet.
The trusted systems of the 1980s required the Administrator to supply these lists... it could reasonably be done by users these days, because we're all system administrators of our own machines, when it comes down to brass tacks. It doesn't even have to look much different than what we're used to seeing. A capability based version of Word would ask the system to get a file... which would do so via a "powerbox" (a secure way of picking files which side-steps the application doing it directly).
I applaud this fellow traveler who seeks the same sane approach I've been shouting about for years. 8)
Re:Capability Based Security (Score:4, Interesting)
Polaris: Virus Safe Computing for Windows XP [hp.com]. This is what Windows Vista's new security model should have been.