| The
security model 1: |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| • | User’s
computers can interact with untrusted |
||||||||||||
| computers
because of Tn’s security model |
|||||||||||||
| – | Use of capabilities1 makes Tn intrinsically secure |
||||||||||||
| unlike
Access Control List (ACL) based systems |
|||||||||||||
| – | It’s
extremely easy to group together a set of computers |
||||||||||||
| according
to a schema and specify what capabilities the |
|||||||||||||
| members
of that group will have |
|||||||||||||
| – | By
default all external access is encrypted with 128 bit |
||||||||||||
| AES
and data you deposit on remote machines is |
|||||||||||||
| similarly
encrypted so only you can use it |
|||||||||||||
| [1]: The idea
for capabilities comes from the EROS operating system |