<< Previous << [Session1 Index] >> Next >>

Security Problems

Principle Of Least Authority: confine object to fully minimally adequate operating environment
Confinement
Keeping Objects Associated with their Authorities
Too Many If Statements, Too Little Performance

Security is not a new problem; mainframe computer developers struggled with it for decades, and learned many lessons. There are some classical problems which one must solve to supply security while still allowing work to get done. The general problem a security solution must face is that of enforcing the Principle of Least Authority: you want to give each individual software object all the access authority it needs to do its job, but absolutely no more. The access rights must be fully, but absolutely minimally, adequate. To get to this point, there are several specific problems you must face.

The Confinement Problem is the place where most security questions start. Keeping objects associated with their authority is a subtle problem which very quickly bites those who take a naive approach using access control lists. The problem with lots of "if" statements sucking up all the computation power available is another quick-arriving problem. We will explore each in turn.