A new kind of security needed
Chris Palmer
chris at noncombatant.org
Sun Jul 27 03:48:04 UTC 2008
On Jul 24, 2008, at 4:20 PM, Matthew Dillon wrote:
> I think the best way to approach the problem is to work out the desired
> userland API first... find the easiest and most convenient way to wrap
> an application, what kind of features are desired, etc, and then
> implement it.
I think Szilveszter Adam was right to point out that any such system
needs to work with the user, and support what the user needs in a way
that fits well with how they interact with an application. Rather than
being the easiest and most convenient (for the developer), the API
should be the simplest means to provide what the user needs. That may
have been what you meant when you said "what kinds of features are
desired", though.
There's a great book that covers a wide range of security and
usability topics called *Security and Usability: Designing Secure
Systems That People Can Use*, by Cranor and Garfinkel. I highly
recommend it.
http://books.google.com/books?id=wDVhy9EyEAEC&dq=lorrie+faith+cranor+simson+garfinkel+usable+security&pg=PP1&ots=BOKHuIHr2u&sig=e-DoE4ap0ldkxffFqUs8LaROmYc&hl=en&sa=X&oi=book_result&resnum=1&ct=result
More information about the freebsd-security
mailing list