Introduction

After many years of network security research and development it looks like we are now coming back to the original problem: weak host-based security. The future of distributed and ubiquitous computing in homes, cars and mobile equipment needs a type of security that is very different from network security. We need to be able to update and run those systems - no matter how small - in a secure way. Classic role-based security does not work here in most cases, as there is no built-in concept of a user in many devices of the future (car control computers etc.).

What does it take to build a secure system?

Besides technical layers of protection and service there is one security principle that is at the core of a secure system: the Principle of Least Authority (POLA) - or least privilege. All technical discussion on e.g. capabilities vs. access control lists, or role-based access vs. code access security, revolves around this principle.

Of course there are more principles - one could also sometimes call them design patterns - like the need for a trust anchor, a trusted path for users to access systems, avoiding side-effects and multi-threading race conditions etc. We will later go into more detail here.

For now it is enough to simply ask the question: at any time while processing something - do we have more potential authority (rights) than what is currently really needed? If so - we have discovered a security problem in our system. Planted code - or just buggy software - could end up doing the wrong things simply because the authority is available.
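As an added illustration of that question (example code, not part of the original article), the following Python contrasts a processing step that holds ambient authority (a path plus the global `open()`) with the same step handed a capability that carries only "read this one file". Python does not enforce the restriction at runtime; the example shows the design-level difference in the authority the callee is given, and the file contents are constructed sample data.

```python
import os
import tempfile


class ReadCap:
    """Capability for read access to exactly one already-opened file.

    The holder receives bytes but never the path or a writable descriptor,
    so the authority it carries is limited to reading this file.
    """

    def __init__(self, path):
        self._fd = os.open(path, os.O_RDONLY)

    def read(self):
        os.lseek(self._fd, 0, os.SEEK_SET)
        data = b""
        while chunk := os.read(self._fd, 4096):
            data += chunk
        return data

    def close(self):
        os.close(self._fd)


def count_words_ambient(path, other_path):
    """Step holding ambient authority: it can open any path it likes.
    A bug or planted code reaches files the task never needed."""
    with open(path, "rb") as f:
        words = len(f.read().split())
    with open(other_path, "rb") as f:  # unintended read, possible only because the authority exists
        stray = f.read()
    return words, stray


def count_words_pola(cap):
    """Same step under POLA: its interface carries no path and no write access,
    so the authority handed in matches the authority the task needs."""
    return len(cap.read().split())


def demo():
    """Constructed sample files; returns (ambient result, POLA result)."""
    with tempfile.TemporaryDirectory() as d:
        doc, secret = os.path.join(d, "doc.txt"), os.path.join(d, "secret.txt")
        with open(doc, "w") as f:
            f.write("least authority beats ambient authority")
        with open(secret, "w") as f:
            f.write("do-not-leak")
        ambient = count_words_ambient(doc, secret)
        cap = ReadCap(doc)
        try:
            return ambient, count_words_pola(cap)
        finally:
            cap.close()
```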

2. The Importance of Secure Hosts
3. Principles, Patterns and Technical Layers of a Secure System
4. Goals