(2 intermediate revisions by the same user not shown)
Line 9: | Line 9: | ||
The main goal is to prove that this model enforces the access control policies we claim to support: same origin sandboxing for web content, and least privilege for mixtures of chrome and content functions on the control stack. | The main goal is to prove that this model enforces the access control policies we claim to support: same origin sandboxing for web content, and least privilege for mixtures of chrome and content functions on the control stack. | ||
A further goal is to handle mixtures of origins, at first by mapping their greatest lower bound to a new nonce (null) principal, but eventually with policy that allows origins to join their trust domains and collaborate safely. | A further goal is to handle mixtures of origins, at first by mapping their greatest lower bound to a new nonce (null) principal, but eventually with policy that allows origins to join their trust domains and collaborate safely. Think browser-based mashups here. | ||
=== Types === | === Types === | ||
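Review bot: the second paragraph of this hunk leaves the meet of two origins under-specified: "mapping their greatest lower bound to a new nonce (null) principal" reads as a fresh nonce per mixture, which means two documents that mix the same pair of origins end up with distinct, mutually untrusting principals, while a deterministic null principal per origin set would let them share. Either reading is defensible for same-origin sandboxing, but the proof goal stated in the first paragraph depends on which one is meant, so say explicitly whether the nonce is per mixture or per origin set. The added "Think browser-based mashups here." is a helpful motivating aside and fits the informal register of the rest of the page.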
Line 55: | Line 55: | ||
Let P be the set of all principals. | Let P be the set of all principals. | ||
Let <= be a binary relation by which P is partially ordered. | Let <= be a "trust bound" binary relation by which P is partially ordered. | ||
For all p in P, p <= system. | For all p in P, p <= system. |
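Review bot: the new "trust bound" name is introduced in quotes without fixing the direction of the relation; since the last line makes system the top element (p <= system for all p), state that p <= q reads "p is trusted no more than q" so readers do not invert it. Also, the Line 9 hunk relies on greatest lower bounds, but a partial order alone does not guarantee that every pair of principals has one; if the nonce (null) principal is meant to be the bottom element, add a line such as "For all p in P, null <= p." alongside the system line, or otherwise state that P is a meet-semilattice.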