A Taxonomy of Access Control
My personal definition of a brilliant idea is one that is immediately obvious once it’s explained, but no one has thought of it before. I can’t believe that no one has described this taxonomy of access control before Ittay Eyal laid it out in this paper. The paper is about cryptocurrency wallet design, but the ideas are more general. Ittay points out that a key—or an account, or anything similar—can be in one of four states:
safe: Only the user has access,
loss: No one has access,
leak: Both the user and the adversary have access, or
theft: Only the adversary has access.
Once you know these states, you can assign probabilities of transitioning from one state to another (someone hacks your account and locks you out, you forgot your own password, etc.) and then build optimal security and reliability to deal with it. It’s a truly elegant way of conceptualizing the problem.
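The four states modeled as a Markov chain, as an added example that is not from the post or from Eyal's paper. Every probability, the set of allowed transitions, and the names `BASELINE`, `WITH_RECOVERY`, `validate` and `distribution_after` are constructed assumptions, chosen to show the trade-off between reliability (less loss) and security (more theft) when a recovery channel is added.

```python
# Added example. Every probability below is constructed for illustration;
# which transitions are possible is also an assumption of this sketch.
STATES = ("safe", "loss", "leak", "theft")

# Per-period transition probabilities; each row is the current state.
BASELINE = {
    "safe":  {"safe": 0.97, "loss": 0.01, "leak": 0.015, "theft": 0.005},
    "leak":  {"safe": 0.10, "leak": 0.70, "theft": 0.20},  # rotate key / stay / locked out
    "loss":  {"loss": 1.0},    # no recovery path: loss is permanent
    "theft": {"theft": 1.0},   # permanent
}

# Same user with an account-recovery channel: loss becomes recoverable,
# while the channel itself gives the adversary another way in.
WITH_RECOVERY = {
    "safe":  {"safe": 0.965, "loss": 0.01, "leak": 0.015, "theft": 0.01},
    "leak":  {"safe": 0.10, "leak": 0.70, "theft": 0.20},
    "loss":  {"safe": 0.50, "loss": 0.50},
    "theft": {"theft": 1.0},
}


def validate(model):
    """Reject a model with unknown states or rows that do not sum to 1."""
    for state in STATES:
        row = model[state]
        if set(row) - set(STATES):
            raise ValueError(f"unknown target state in row {state!r}")
        if any(p < 0 for p in row.values()) or abs(sum(row.values()) - 1.0) > 1e-9:
            raise ValueError(f"row {state!r} is not a probability distribution")


def distribution_after(model, periods, start="safe"):
    """Probability of being in each state after `periods` steps."""
    validate(model)
    dist = {s: 1.0 if s == start else 0.0 for s in STATES}
    for _ in range(periods):
        nxt = dict.fromkeys(STATES, 0.0)
        for src, mass in dist.items():
            for dst, p in model[src].items():
                nxt[dst] += mass * p
        dist = nxt
    return dist


if __name__ == "__main__":
    for name, model in (("baseline", BASELINE), ("with recovery", WITH_RECOVERY)):
        result = distribution_after(model, 24)
        print(name, {s: round(p, 3) for s, p in result.items()})
```

With these constructed numbers, the recovery channel drives the loss probability down and the theft probability up over the same horizon.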
Miguel Farah • August 12, 2022 6:51 AM
This is indeed elegant.
I also wonder if it would be worthwhile to add an intermediate state between “safe” and “leak”, to describe a {key,whatever else} that’s officially “safe”, but that the user has shared with a trusted (*) actor. For example, the Netflix password that’s supposed to be only mine but that I shared with my… uhhh… grandmother, so she can watch her favorite series at her place. Such a password would be at a heightened risk of being leaked (and if I treated her as an “adversary”, I would be in deep shiRt, so that’s not a good option).
(*) For varying, non-zero valuations of trust.