I’ve recently decided to start a new series of weekly posts about interesting articles I’ve read. This is the first post in this series.
For each interesting position from my reading list, I’ll provide a short summary. Please note that those summaries are not meant to be comprehensive. They are here only to give an idea of the topics covered.
Although I started reading it last week, I’d like to include it in this summary as it’s been a very good read. The title says it all: it is an overview (an introduction?) of the capability paradigm.
The idea behind capabilities is this: instead of exposing complex, multi-purpose interfaces that can be used to perform many different operations, and then providing an equally complex access-control system separate from those operations, it is better to expose a limited interface that only allows its user to perform the operations we wish them to perform. In this context, the interface is the capability, because when handed over to a user it gives them the capability to perform operations on resources of some kind.
The article gives a useful example: operating systems usually identify files by paths represented as character strings, without limiting their use. To actually limit which users can access which files, a separate access-control system based on users and groups is provided.
In such an environment, a path can be passed to system routines such as unlink. Should the software used by the user be replaced by an evil adversary, it could harm the user’s files. However, if the operating system passed files as objects with only a limited set of operations available, it would be much harder for the program to misbehave. It could also keep the user from misusing their own files.
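To make the article’s file example concrete, here is an added Python sketch (my own illustration, not code from the article): a misbehaving plugin given a path string can delete the user’s file, while the same plugin given a read-only capability object cannot. The ReadCap class, the plugin functions and the sample file are all invented for this demonstration.

```python
import os
import tempfile

def make_sample_file() -> str:
    """Constructed sample: a temp file standing in for a file the user owns."""
    fd, path = tempfile.mkstemp(prefix="notes-")
    with os.fdopen(fd, "w") as f:
        f.write("user's notes\n")
    return path

def plugin_by_path(path: str) -> str:
    """Path-based: a string plus the process's full rights, so a replaced plugin can unlink."""
    with open(path) as f:
        data = f.read()
    os.unlink(path)                      # permitted: ambient authority of the whole process
    return data

class ReadCap:
    """Capability: read-only descriptor exposing only read(); no path, no delete, no write."""
    def __init__(self, path: str):
        self._fd = os.open(path, os.O_RDONLY)   # the trusted host opens, the holder only reads
    def read(self) -> str:
        os.lseek(self._fd, 0, os.SEEK_SET)
        out = bytearray()
        while chunk := os.read(self._fd, 4096):
            out += chunk
        return out.decode()

def plugin_by_capability(cap: ReadCap):
    """The same misbehaving plugin, now handed a capability instead of a path."""
    data = cap.read()
    can_unlink = hasattr(cap, "unlink")  # the interface simply offers no such operation
    try:
        os.write(cap._fd, b"x")          # even reaching into the raw fd fails: it is O_RDONLY
        can_write = True
    except OSError:
        can_write = False
    return data, can_unlink, can_write

def demo() -> dict:
    p1 = make_sample_file()
    path_read = plugin_by_path(p1)
    p2 = make_sample_file()
    cap = ReadCap(p2)
    cap_read, can_unlink, can_write = plugin_by_capability(cap)
    os.close(cap._fd)                    # the host, not the plugin, owns the descriptor
    result = {"path_read": path_read, "path_file_left": os.path.exists(p1), "cap_read": cap_read,
              "cap_unlink": can_unlink, "cap_write": can_write, "cap_file_left": os.path.exists(p2)}
    os.unlink(p2)
    return result
```

Both plugins read the content, but only the path-based one can destroy the file; with the capability, the delete operation is not even nameable, and the descriptor itself is read-only at the OS level.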
A very entertaining read about two fundamentally different approaches to computer security: designing secure systems versus extinguishing fires. Concepts like white lists and black lists are compared, exposing the challenges of doing the latter right.
Recommended in the above text by Marcus J. Ranum, it is an in-depth analysis of the decay of space shuttle reliability. It also underlines the importance of the choice between bottom-up and top-down design approaches, and of careful design that doesn’t skip any important detail.