You have an agent running on your local system. You want it to have access to a restricted set of things, both locally and remote. What is the technical mechanism you use to ensure that it has a subset of the access that you, as an individual logged into the same system, do?

(I am uninterested in "Don't run an agent" because, while yes, I see your point, that doesn't mean it's not happening, and security professionals have to deal with what's happening, not what we want to be happening)

@mjg59 compartmentalize access locally (via OS ACL, containers/vms), constrain actions (tool/syscall allowlists, maybe data dependent).
provide same functionality on the remote and let principals register policies for agents there.

this assumes we provide definitions and let the agent only decide on how to compose them.
proving safe composition would be nice, maybe via model checking, or even just tests and asserts.

in the long run we might get reliable "zero trust choreographies"

@mjg59 in the short term: any subset of the above which is feasible to implement client side. maybe intercept and verify packets before they're sent out, to try and bound behavior on the remote.
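
An added example, not part of any post in this thread: a default-deny gate for agent tool calls that combines the tool allowlist with the "data dependent" checks mentioned in the reply, validating arguments as well as tool names. The tool names, root directory and host in `POLICY` are assumptions made up for the illustration, and the gate is only meaningful when it runs outside the agent's own privileges.

```python
import os
from urllib.parse import urlsplit

# Constructed policy: tool names, root directory and host are assumptions.
POLICY = {
    "read_file": {"arg": "path", "roots": ["/home/user/project"]},
    "http_get": {"arg": "url", "schemes": {"https"}, "hosts": {"api.example.com"}},
}

def path_within(path, roots):
    """True if path, after resolving symlinks and '..', lies under a root."""
    try:
        real = os.path.realpath(path)
        for root in roots:
            root_real = os.path.realpath(root)
            # commonpath compares whole components, so a sibling such as
            # /home/user/project-old does not match /home/user/project.
            if os.path.commonpath([real, root_real]) == root_real:
                return True
    except ValueError:  # e.g. embedded NUL byte
        pass
    return False

def url_permitted(url, schemes, hosts):
    """True if the parsed scheme and host are both allowlisted."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    # .hostname excludes userinfo and port, so "allowed@other" is judged
    # by the host the request would really go to.
    return parts.scheme in schemes and parts.hostname in hosts

def authorize(tool, args, policy=POLICY):
    """Return (allowed, reason) for one proposed tool call; default deny."""
    rule = policy.get(tool)
    if rule is None:
        return False, "tool not in allowlist"
    value = args.get(rule["arg"])
    # Reject missing, non-string or extra arguments instead of ignoring them.
    if not isinstance(value, str) or set(args) != {rule["arg"]}:
        return False, "unexpected arguments"
    if "roots" in rule and not path_within(value, rule["roots"]):
        return False, "path outside permitted roots"
    if "hosts" in rule and not url_permitted(value, rule["schemes"], rule["hosts"]):
        return False, "destination not permitted"
    return True, "ok"
```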