[cap-talk] gauntlet - one way IPC considered useless, practical
MLS?
Ian G
iang at systemics.com
Sat Jan 14 07:47:51 EST 2006
David Wagner wrote:
> By writing "programs/people", I'm afraid you have failed to grasp
> the purpose and motivation underlying all the work on MLS systems.
> The basis of MLS is that you trust people, but don't trust programs.
I see a fascinating contrast between this statement
and that of DRM - where you trust programs but do not
trust people. Is it that clean a distinction?
Would this then mean that TCBs could not be used in
MLS scenarios? (conceptually speaking...)
iang
More information about the cap-talk
mailing list