Home » forums » LtU Forum

Delegating Responsibility in Digital Systems: Horton's "Who Done It?"

Jed Donnelley, Alan Karp, and I would like your comments on our draft paper

Delegating Responsibility in Digital Systems:
Horton's "Who Done It?"

Programs do good things, but also do bad,
making software security more than a fad.
The authority of programs, we do need to tame.
But bad things still happen. Who do we blame?

From the very beginnings of access control:
Should we be safe by construction,
or should we patrol?
Horton shows how, in an elegant way,
we can simply do both, and so save the day.

with apologies to Dr. Seuss

We plan to submit it to USENIX HotSec 07 (Hot Topics in Security) which has a five page limit. Submission deadline is 6/1/2007. We think this paper is important. Your comments and suggestions will be greatly appreciated. Thanks!

By MarkM at 2007-05-19 16:44 | LtU Forum | previous forum topic | next forum topic | other blogs | 9458 reads

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Great abstract ;-)

Great abstract ;-)

By Ehud Lamm at Sun, 2007-05-20 12:51 | login or register to post comments

grammar weenie-ness

shouldn't it be "whom"? (or was that what the apology was for ;-)

By raould at Tue, 2007-05-22 01:48 | login or register to post comments

Me Done It or I Done It.

Me Done It or I Done It. There is your answer.

By Derek Elkins at Tue, 2007-05-22 03:41 | login or register to post comments

Which phrase?

What about the "who do we blame" part?

By Kannan Goundan at Tue, 2007-05-22 05:31 | login or register to post comments

It should be "whom"

Grammatically, "who do we blame" should indeed be "whom do we blame".

By naasking at Tue, 2007-05-22 13:25 | login or register to post comments

Kiss "whom" goodbye

That reflects the opinion of at least one professional linguist.

By Doug Landauer at Tue, 2007-05-22 17:25 | login or register to post comments

Heh, better to kill it clean

Heh, better to kill it clean than see it repeatedly misused and abused? ;-)

Pity, since it's really simple to get right once you learn the rule.

By naasking at Tue, 2007-05-22 18:22 | login or register to post comments

Nice paper

I like it. It's a nice pearl that makes good use of its five pages and clearly demonstrates the power of this approach. The connection with traditional ACLs, while clearly motivated, could maybe use a little more exposition. The diagrams are a little busy and it's unfortunate that they're often on pages somewhat removed from the relevant text. But the page limit probably accounts for most of that.

All in all, it reminds me once again that I'd really like to spend some time with E. Thanks for sharing it with us!

By Matt Hellige at Tue, 2007-05-22 17:08 | login or register to post comments

Cheezy "animation"

Hi Matt, thanks!

You're right about various formatting decisions being driven by the page limit. But I had an additional motivation for placing the diagrams at the same position on three successive pages. When reading online (as with Acrobat in full page mode), turning the pages causes the diagrams to "animate" a bit. Please try it and let me know if this trick makes them easier to follow. Thanks.

It's like the old trick you'd occasionally see in a paper book of placing successive animation frames at the same position on successive odd pages. You could use your thumb to "animate" the diagram.

By MarkM at Wed, 2007-05-23 14:30 | login or register to post comments

Actually, that helps a lot!

Actually, that helps a lot!

By Matt Hellige at Wed, 2007-05-23 19:52 | login or register to post comments

Spending time with the example code

> All in all, it reminds me once again that I'd really like to spend some time with E.

The messages here and here should help you get started interactively exploring the example code in the paper.

By MarkM at Wed, 2007-05-23 14:33 | login or register to post comments