Hi

I recently stumbled upon Polaris [1,2,3], which seems to be a fairly
interesting HP research project to enforce principles of least authority on
individual applications in the context of Windows XP. In particular,
no additional security mechanisms are introduced (as in AppArmor
or SELinux). I like approaches like these because they show the
potential strength of the current security measures. In
particular, if acts of designation are used to determine authorisation,
the usual trade-offs between usability and security (see e.g.
Vista) are avoided.

Mainly, Polaris changes the way applications are launched - namely in
the context of a restricted user account with few permissions (adjusted
per "pet", where a "pet" is a "polarized" application), and defines
domains in which the "pet" can act (i.e. accessible files, accessible
resources etc.).

There are a few drawbacks left. For example, it cannot limit network access.
Certainly, this is simple with the addition of a firewall, but, well, this
has to be done first - let's see what HP will pay the group for.
Then, you have to trust your game developers (problems with Direct3D) ...

While all of this seems theoretically very interesting - anyone willing to share his/her experiences?


Thanks & Cheers


[1] www.hpl.hp.com/techreports/2004/HPL-2004-221.pdf
[2] www.hpl.hp.com/personal/Alan_Karp/polaris.pdf
[3] www.cs.sonoma.edu/cs_dept/karp_PolarisSept06.pdf