Add section on accountability

Christopher Lemmer Webber 2019-07-30 15:47:48 -04:00
parent 0b920742f2
commit 51ad79f800
No known key found for this signature in database
GPG Key ID: 4BC025925FF8F4D3
1 changed files with 48 additions and 0 deletions

@ -1342,6 +1342,54 @@ now both refuse to forward messages.
**** Accountability
Both Ben and Lem contact Alyssa and insist neither of them made those
edits to the document.
Couldn't they please get access again to write to the file?
That evening, Alyssa thinks about it and decides that yes, she could,
if next time she could hold whoever did it accountable so she could
prevent the problem from happening again and know who violated her
trust.
Alyssa makes two new capabilities, but these ones are a little bit
different than before: while both allow writing to the file, this time
she associates each one with the name of the person she is handing it
out to.
Now if Bob writes to the file, it's logged that Bob made this change,
and if Lem writes to the file, it's logged that Lem made this change.
Alyssa hands out these new write-capable-but-logging ocaps to Bob and
Lem and logs off for the evening.
The next morning, the file is defaced again.
But the logger picks it up: Lem made all these changes!
Alyssa revokes the capability she gave to Lem and gives him a call
on the phone.
Lem swears, he really didn't make these changes!
Alyssa shows him her proof, and Lem thinks about it.
Well... Lem is really sure that he didn't make those changes, but
he knows that Mallet wanted access to the file.
It could be that Mallet asked him for it when they went out
drinking and Lem was intoxicated... or it could be that Mallet used
that opportunity to insert a backdoor into his device.
Lem really isn't sure, but insists that /he/ is not the one that did
it.
Alyssa trusts Lem enough as a person (but not as a person who
practices good security hygeine), and distrusts Mallet enough, that
she finds this story plausible.
Still she considers with satisfaction that placing the blame "on the
capability she gave to Lem", whether or not it was Lem that did it,
was what she really needed to get to the bottom of the situation.
"For now, you can email me suggestions," Alyssa tells Lem.
"But the next time you want to collaborate on a document, make sure
you're more careful with your authority.
And if you're not sure whether Mallet might have a backdoor in your
system or not, maybe it's time to do a thorough exorcism of your
computer."
Lem apologizes and agrees... he plans to try to audit his computer
tonight.
**** Composition
# add backup of file example; alice's composed capability should
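
Review bot: the second collaborator's name is inconsistent within the added section. The opening line reads "Both Ben and Lem contact Alyssa", but the capability paragraphs use "Now if Bob writes to the file" and "ocaps to Bob and Lem". Pick one name and make it match the preceding section. Separately, "it's logged that Bob made this change" attributes the write to the person, while the later paragraph makes the point that blame lands "on the capability she gave to Lem", whether or not Lem did it. Wording the log line as a write made with the capability issued to Bob would keep the two passages consistent and set up that conclusion. Also, "hygeine" in the paragraph about Alyssa trusting Lem should be "hygiene".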