[cap-talk] process 'tainting': *-property or not *-property
Karp, Alan H
alan.karp at hp.com
Tue Jan 3 11:36:26 EST 2006
The simple security (SS) and *-property are codifications of the way
people handle classified material. The problem faced by those writing
the Orange Book was how to deal with software. The people handling
classified information were trusted to obey the rules because there was
no alternative. The question was how to make sure that the programs
these people ran followed the rules. Covert channels were recognized as
an unsolvable problem, so limits were set on the transfer rate. In the
1980s, a few hundred bits per second was considered acceptable.
Unfortunately, machines have gotten faster at an exponential rate, but
the size of our secrets has grown slowly if at all. Hence, David
Wagner's comments about the whole thing being irrelevant are right on
the mark.
That doesn't mean that MLS is a total waste of time. We just have to
think of it in terms of actions instead of data. In other words, think
of "launch missile" instead of "read missile specs." Assign each entity
and each operation a security level. SS means that a high entity can't
delegate a high operation to a low entity. Explicit declassification is
recognized as being necessary, so a high entity can delegate a low
operation to a low entity. The *-property means that a low entity can
delegate a low operation to a high entity, but that delegation can't
grant the low entity authority to do high operations. That normally
means that the operation should be relabeled as high, but there may be
other ways to achieve this goal.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
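
The delegation rules described in the message above, sketched as a small Python reference monitor. This is an added example, not part of the original post: the two-level lattice, the entity and operation names, and the choice to realize the *-property by relabeling an upward-delegated operation to the recipient's level are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):
    LOW = 0
    HIGH = 1

@dataclass(frozen=True)
class Operation:
    name: str
    level: Level

@dataclass
class Entity:
    name: str
    level: Level
    held: dict = field(default_factory=dict)  # operation name -> Operation

class DelegationDenied(Exception):
    """Raised when a delegation would violate the policy."""

def delegate(src: Entity, dst: Entity, op_name: str) -> Operation:
    """Delegate one operation held by src to dst, or raise DelegationDenied."""
    op = src.held.get(op_name)
    if op is None:
        raise DelegationDenied(f"{src.name} does not hold {op_name}")
    # SS: an operation never goes to an entity below the operation's level.
    if op.level > dst.level:
        raise DelegationDenied(f"{op.level.name} operation to {dst.level.name} entity")
    # *-property (assumed reading): relabel upward delegations so they cannot flow back.
    if dst.level > src.level:
        op = Operation(op.name, dst.level)
    dst.held[op.name] = op
    return op

def demo() -> list:  # constructed scenario; entity and operation names are illustrative
    high, low = Entity("general", Level.HIGH), Entity("clerk", Level.LOW)
    high.held["launch_missile"] = Operation("launch_missile", Level.HIGH)
    high.held["print_menu"] = Operation("print_menu", Level.LOW)
    low.held["file_report"] = Operation("file_report", Level.LOW)
    steps = [(high, low, "launch_missile"), (high, low, "print_menu"),
             (low, high, "file_report"), (high, low, "file_report")]
    results = []
    for src, dst, name in steps:
        try:
            results.append((name, dst.name, delegate(src, dst, name).level.name))
        except DelegationDenied:
            results.append((name, dst.name, "DENIED"))
    return results
```

Calling `demo()` walks through the four cases: the high operation is refused to the low entity, the low operation is handed down, and the low entity's operation is accepted by the high entity but comes back refused once relabeled.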