User Tools

Site Tools


projects:policy_discussion

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
projects:policy_discussion [2010/05/25 15:43]
cormac
projects:policy_discussion [2010/05/25 15:49] (current)
cormac
Line 30: Line 30:
  
 ===== Security Lattice ===== ===== Security Lattice =====
-For confidentiality,​ we assume that each origin may be its own security principal. In addition we have a LOCAL_ONLY ​label for data that should never leave the client. ​+For confidentiality,​ we assume that each origin may be its own security principal. ​ 
 +We note that '​http://​ucsc.edu'​ and '​http://​soe.ucsc.edu'​ are different principals,​ 
 +as are '​http://​ucsc.edu'​ and '​https://​ucsc.edu'​. 
 +In addition we have a LOCAL_ONLY ​principal ​for data that should never leave the client. ​
  
 In order to safely handle exfiltration attacks, we will also need a notion of integrity. ​ For all data, we will need to track which principals have influenced the data.  (Note that without declassification,​ the moment that more than one principal have affected any confidential data item, it becomes LOCAL_ONLY). In order to safely handle exfiltration attacks, we will also need a notion of integrity. ​ For all data, we will need to track which principals have influenced the data.  (Note that without declassification,​ the moment that more than one principal have affected any confidential data item, it becomes LOCAL_ONLY).
projects/policy_discussion.txt · Last modified: 2010/05/25 15:49 by cormac