Askemos 2000 (Archive)

AskemosProtection

The rights system is the heart of Askemos. We will reason here about one of the two basic axioms.

As always with axioms, the reasoning can't be done "inside" the system (otherwise we would try to violate Gödel's completeness theorem). The first section gives a brief summary of this reasoning, which is expanded in AskemosBackground. The second section introduces a formal (set theoretic) notion of rights, and a formal criterion to sort rights systems into corruptible and incorruptible. Then we argue that "traditional" capability theory is a special case of the Askemos rights system and derive some practical consequences to show the utility.

The principle of inalienable rights

There is a set of rights associated with each individual. (Here an individual might be a person or even a thing.)

It is impossible (illegal) to transfer the whole set of rights of one individual to other individuals.

It is immediately clear to human understanding that there are inalienable rights. At the end of the day nobody can lie to his/her own consciousness. It always tells you the truth even though you might yourself lie to others. Telling you the truth is the very right of your own consciousness and you can't sign that right off at all. Therefore the idea of inalienable rights irrevocably exists in any person's understanding.

In AskemosBackground we will trace the insight into this anthropological fact through various cultures to prove that it is a common ground of mankind, independent of political and cultural differences. For instance, Rousseau reasons in "The Social Contract Or Principles Of Political Right" (RousseauSocialContract) about the construction of self-preserving systems of rights.

The Rules

The principle of the inalienable right, together with very basic set theory, is the design principle behind the protection handling system of Askemos. No further assumptions which could introduce cultural or historical dependencies are made.

These rules have not yet been translated into web pages. Please see the section "distributed authority" in the paper here for a concise, formal description. (TODO the rule set in the paper should start with the definition of the element/set relationship. This is a stylistic mistake, it doesn't change anything.)

Comparison

The general protection system of Askemos overcomes deficiencies of traditional protection systems as found in operating systems on the market today.

Basically, all those protection systems are based on a super power which can overrule everything, like a king. Historically, these hierarchical systems were followed by democracies, which rely on the logical inversion of the super power: the public right. Mathematically speaking, a public right is a system invariant. There exists no individual power which can overrule the public right.

On the other hand, an administrative power is often needed for efficiency, and it is provided as well, just restricted to a domain rooted in the administrator user.

The protection system laid out here is structured as a set of hierarchies, which can sign their parts off among each other.

A distributed system, where each point of operation is assumed to fail with some probability, requires a protection mechanism which is based on a system invariant. As a welcome side effect, it is impossible to take over the system in the "traditional" style, where individuals break into the administrative account of a system and destroy or steal all data.

Capability-based schemes (see for instance http://cap-lore.com/CapTheory/index.html ) are sort of a special case of the Askemos protection system. A capability is usually an opaque bit pattern, that is, an indivisible object. This leaves those systems with the problem of transfer. To transfer indivisible rights between objects a higher right is required, which eventually contradicts the axiom of the existence of inalienable rights. Except for this transfer problem, which is solved by replacing opaque bit patterns with sets, that is, divisible objects, all rules apply.
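A toy model of the set-based idea described above, added here as an illustration and not taken from the Askemos code or from the rule set in the paper. The names (Individual, sign_off, replay), the right labels and the move semantics of a sign-off are assumptions; only two rules stated on this page are modelled: the whole set of rights can never be transferred, and rights cannot be extended beyond what the giver holds.

```python
from dataclasses import dataclass, field

class RightsViolation(Exception):
    """Raised when a sign-off would break one of the modelled rules."""

@dataclass
class Individual:
    name: str
    rights: frozenset = field(default_factory=frozenset)

def sign_off(giver, receiver, part):
    """Move `part` of the giver's rights to the receiver (assumed move semantics)."""
    part = frozenset(part)
    if not part:
        raise RightsViolation("nothing to sign off")
    if not part <= giver.rights:
        # Rights cannot be extended or derived from some other value space.
        missing = sorted(part - giver.rights)
        raise RightsViolation(f"{giver.name} does not hold {missing}")
    if part == giver.rights:
        # Principle of inalienable rights: the whole set never changes hands.
        raise RightsViolation(f"{giver.name} cannot sign off its whole set of rights")
    giver.rights -= part
    receiver.rights |= part

def replay(individuals, requests):
    """Apply sign-off requests in order; return the rejected ones with reasons."""
    rejected = []
    for giver, receiver, part in requests:
        try:
            sign_off(individuals[giver], individuals[receiver], part)
        except RightsViolation as err:
            rejected.append((giver, receiver, str(err)))
    return rejected

def demo():
    # Constructed sample data: right labels are plain strings for illustration.
    people = {
        "alice": Individual("alice", frozenset({"alice:self", "doc:read", "doc:write"})),
        "bob": Individual("bob", frozenset({"bob:self"})),
    }
    requests = [
        ("alice", "bob", {"doc:read"}),                 # a proper part: accepted
        ("bob", "alice", {"doc:write"}),                # bob never held it: rejected
        ("alice", "bob", {"alice:self", "doc:write"}),  # alice's whole set: rejected
    ]
    return people, replay(people, requests)
```

An opaque, indivisible capability corresponds to the case where the only possible `part` is the whole set, which is exactly the request this model refuses.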

The public right or common code and the taboo

To facilitate communication (i.e., to get any trusted contact between two individuals started for the first time), a special right is needed, which all individuals have.

But there is a difference between the public right and the right of the individual. The individual has the right to change its mind at any time. The public right cannot. Therefore the set of rights held by the place which represents the public right is the difference between this very place's (so-called "full") right and its counterpart: the right of the individual.

Within Askemos programs, these two rights are the only well known rights. The function public-oid yields the OID representing the public right, while my-oid yields the symbol for "private".

At any Askemos installation the place with the public oid shows the rules of use under which the particular installation participates in the Askemos. It is always a constant object, or in the context of program execution, it is used as the symbol for "constant".

The counterpart, the right of the individual, is the taboo. It is never possible to access that object.

Software Requirements

  • there is a separate value space for rights
  • robust against known attacks (with possible exemption for denial of service attacks)
  • it's impossible to extend rights or derive rights from other value spaces
  • works the way human beings assign capabilities among each other
  • Detailed design notes.




last modification: Thu, 12 Jun 2003 11:51:53 +0200
authors: jfw,
document identifier: A849640f672ed0df0958abc0712110f3c
delivered to public at Mon, 20 Nov 2017 10:26:37 +0100
