You're talking about a mandatory access control OS - see SELinux, TrustedBSD, Trusted Solaris, Flask/Flux, Trusted IRIX - described in the Orange Book.For a while I've been wondering if it's possible to create an operating system that would allow "stupid" users to easily do whatever they want, but still prevent viruses and other malware from doing any harm.
Today I finally spent a few minutes thinking about it and then wrote some of the thoughts down: http://iki.fi/tss/security/friendly-secure-os.html
Goetz
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
