Security is not a new problem; mainframe computer developers struggled with
it for decades, and learned many lessons. There are some classical problems
which one must solve to supply security while still allowing work to get
done. The general problem a security solution must face is that of enforcing
the Principle of Least Authority: you want to give each individual software
object all the access authority it needs to do its job, but absolutely no
more. The access rights must be fully, but absolutely minimally, adequate.
To get to this point, there are several specific problems you must face.
The Confinement Problem is the place where most security questions start.
Keeping objects associated with their authority is a subtle problem which
very quickly bites those who take a naive approach using access control lists.
Another problem that arrives quickly is that of lots of "if" statements
sucking up all the available computation power. We will explore each in turn.