[cap-talk] Re: Capabilities vs. Classifications
Bill Frantz
frantz at pwpconsult.com
Wed Dec 21 19:37:54 EST 2005
On 12/21/05, daw at cs.berkeley.edu (David Wagner) wrote:
>Anthony Hannan <ajh18 at cornell.edu> writes:
>>Other
>>covert channels like the amount of time a computation takes are not
>>protected, but I believe these covert channels are not an issue for most
>>applications.
>
>Huh? I don't know what you mean by "not an issue", but I do know
>that these remaining covert channels provide a way that an authorized
>subject could leak classified information to an unauthorized subject --
>in violation of the security goal you stated above.

I am reminded of a tale from the days of the Honeywell SCOMP, which was
certified to an Orange Book level of A1, at the time the strictest
available security review. A1 requires that covert channels be
characterized as to their maximum bandwidth, but does not require that
they be closed. Some time after the security review was completed,
someone found a covert channel in SCOMP that was good for many kilobytes
per second. A SCOMP developer is reputed to have said, "I don't want to
call it 'secure', I just want to call it 'A1'."

Cheers - Bill
---------------------------------------------------------------------
Bill Frantz | The first thing you need | Periwinkle
(408)356-8506 | when using a perimeter | 16345 Englewood Ave
www.pwpconsult.com | defense is a perimeter. | Los Gatos, CA 95032