by Ben Laurie

The modern world doesn’t look like this at all. All the files on a typical computer belong to a non-expert user (for simplicity I am ignoring shared devices — this doesn’t really undermine the argument as I hope you will see). Indeed, the whole computer typically belongs to a single user. Printers do not need accounting and similarly belong to the same user. The enemy is the software that is running on the machine. Users no longer have a good understanding of the software they run. Software is enormously complex and uses all sorts of resources, many distributed over multiple systems, to accomplish their tasks. And frequently their task is only superficially in service of the user.

In short, the old threat model was untrusted tenants, trusted software, unit of protection is files and devices. The new threat model is trusted tenants, untrusted software, unit of protection is individual data items.