by mikewarot
1115 days ago
> IME secure systems are hard to use in practice, and performance is usually worse than less secure systems.

If you're talking about tacked-on layers of lockdown like SELinux, AppArmor, UAC on Windows, "Access to X" on your phone, etc., that's obviously true. However, a capabilities-based system should be almost identical in terms of the user's view of things: instead of calling a dialog to get a file name and then directly opening the file, a "powerbox" is used which returns the capability to access a file. As far as the user knows, the code behavior is identical, and they don't need to change their interactions. We've all adopted ersatz capability systems when we moved to virtual machines, containers, and the like, just a far more coarse-grained control of access instead of individual files at runtime. I'm hoping that we finally fix computer security before I leave this world, but I'm having my doubts. WASM is a good step in the right direction; as long as they don't bypass the capabilities model in the name of "ease of use", it should help quite a bit.
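The powerbox idea from the comment above, as an added Python model (not the commenter's code): the ambient-authority path hands the plugin a file name and lets it open anything, while the capability path hands it only a read handle for the file the user picked, and the user-visible result is the same. `FAKE_DISK`, `Powerbox` and `ReadCapability` are constructed names for this illustration.

```python
"""Ambient authority vs. powerbox-granted capability, as a small model."""
import io

# Constructed stand-in for the real filesystem: path -> contents.
FAKE_DISK = {
    "/home/alice/report.txt": "quarterly numbers",
    "/home/alice/.ssh/id_ed25519": "PRIVATE KEY MATERIAL",
}


class ReadCapability:
    """Read handle for exactly one file. It carries no path, so the holder
    cannot rename, widen or re-target it; it can only read what it was given."""

    def __init__(self, data: str):
        self._stream = io.StringIO(data)

    def read(self) -> str:
        return self._stream.read()


class Powerbox:
    """Trusted UI component. The user picks a file in the dialog; the
    application code only ever receives the resulting capability."""

    def __init__(self, user_choice: str):
        self._choice = user_choice  # simulates the dialog selection

    def request_file(self) -> ReadCapability:
        return ReadCapability(FAKE_DISK[self._choice])


def ambient_plugin(path: str) -> str:
    """Ambient authority: the plugin opens by name, so any path works,
    including files the user never selected."""
    return FAKE_DISK[path]


def capability_plugin(cap: ReadCapability) -> str:
    """Capability style: the plugin's only file access is the handle it holds."""
    return cap.read()


def open_via_dialog_ambient(user_choice: str) -> str:
    """Classic flow: dialog returns a name, plugin opens it itself."""
    return ambient_plugin(user_choice)


def open_via_powerbox(user_choice: str) -> str:
    """Powerbox flow: same user interaction, but only a capability crosses over."""
    return capability_plugin(Powerbox(user_choice).request_file())
```

The two flows return identical content for the chosen file; the difference is that `capability_plugin` has no parameter through which a path could be named.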