Trust and Partial Typing for Open Networks


                           James Riely 

                  North Carolina State University
                                                              


 We introduce partial typing as a tool for reasoning about resource
 access control in open networks.  Partial typing divides a network in
 two: `good' sites are controlled by a common administrator,
 potentially `bad' sites are controlled by others.  In such an open
 network, it is often desirable to allow code from a `bad' site to be
 installed locally, for example webpage applets and browser plugins.
 The difficulty, of course, is that imported code may violate local
 policies that secure the system and the data it holds.  Two opposing
 solutions have been advanced in the past few years, one based on
 trust, the other based on verification.  Partial typing provides a
 bridge between the two.