Delegating Responsibility in Digital Systems: Horton's "Who Done It?"

Jed Donnelley, Alan Karp, and I would like your comments on our draft paper

Delegating Responsibility in Digital Systems:
Horton's "Who Done It?"

Programs do good things, but also do bad,
making software security more than a fad.
The authority of programs, we do need to tame.
But bad things still happen. Who do we blame?

From the very beginnings of access control:
Should we be safe by construction,
or should we patrol?
Horton shows how, in an elegant way,
we can simply do both, and so save the day.

with apologies to Dr. Seuss

We plan to submit it to USENIX HotSec 07 (Hot Topics in Security) which has a five page limit. Submission deadline is 6/1/2007. We think this paper is important. Your comments and suggestions will be greatly appreciated. Thanks!

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Great abstract ;-)

Great abstract ;-)

grammar weenie-ness

shouldn't it be "whom"? (or was that what the apology was for ;-)

Me Done It or I Done It.

Me Done It or I Done It. There is your answer.

Which phrase?

What about the "who do we blame" part?

It should be "whom"

Grammatically, "who do we blame" should indeed be "whom do we blame".

Kiss "whom" goodbye

That reflects the opinion of at least one professional linguist.

Heh, better to kill it clean

Heh, better to kill it clean than see it repeatedly misused and abused? ;-)

Pity, since it's really simple to get right once you learn the rule.

Nice paper

I like it. It's a nice pearl that makes good use of its five pages and clearly demonstrates the power of this approach. The connection with traditional ACLs, while clearly motivated, could maybe use a little more exposition. The diagrams are a little busy and it's unfortunate that they're often on pages somewhat removed from the relevant text. But the page limit probably accounts for most of that.

All in all, it reminds me once again that I'd really like to spend some time with E. Thanks for sharing it with us!

Cheezy "animation"

Hi Matt, thanks!

You're right about various formatting decisions being driven by the page limit. But I had an additional motivation for placing the diagrams at the same position on three successive pages. When reading online (as with Acrobat in full page mode), turning the pages causes the diagrams to "animate" a bit. Please try it and let me know if this trick makes them easier to follow. Thanks.

It's like the old trick you'd occasionally see in a paper book of placing successive animation frames at the same position on successive odd pages. You could use your thumb to "animate" the diagram.

Actually, that helps a lot!

Actually, that helps a lot!

Spending time with the example code

> All in all, it reminds me once again that I'd really like to spend some time with E.

The messages here and here should help you get started interactively exploring the example code in the paper.