Access Control Management

The Askemos system "manages" permission for users. (Or rather requires permision management to obey some rules.) As such it qualifies as a "access control management" system like any operating system, data base etc.

Two View On Access Control

  • (LAW) logical attribution of warrants; The "de jure" semantics of privilege claim and transfer.
  • (ARM) actual restriction measurement; Digital, physical and legal means of executing orders according to the former.

Related considerations lead to partially conflicting goals. LAW is by definition independent of factual power, while ARM seeks to be incircumventable (falsely sometimes breaking the LAW).

Askemos strives to define a very simple LAW. There is no implied assumption how this will be enforced in fact. (ARM is not the topic here.)

The Problem

Most computer systems share one property: there is a mode of operation - often termed "administrative" - powerful enough to change literally each bit in the computer. Abusing this mode leads to all sorts of computer crime. Hence there is a reason to secure access to this mode of operation - at all costs, if you see what I mean.

Unfortunately this type of defensive security is an endless race and always a trade off between security and convenience. And worst: there is no guaranty ever.

Repeated in plain English: any and all data trace gathered from electronic devices featuring an administrative mode is disputable . While such data might reveal a lot about a person, there is always the chance that the data did not origin from that person in the first place. (Thus there should never ever be any verdict based purely on such evidence.)

Let alone for a moment that the world can get away with weak evidence for a while: how would electronic devices fit into a business setting, if there was no improvement over the current state of affairs?