[cap-talk] Confinement Confusion, MLS and POLA
Karp, Alan H
alan.karp at hp.com
Tue Jul 18 18:05:08 EDT 2006
Jed wrote:
A lot of stuff I agree with. Nevertheless, I'd like to give one real
example. The Navy typically has a sailor sitting in front of two
computer displays, one display connected to a computer running at High,
the other at Low. Sometimes, the sailor will read something on the High
machine and manually type it into the Low machine. This setup allows
the Navy to run Microsoft Word on the High machine and get information
to Low without needing to do a full security audit of Word to make sure
that Word doesn't decide what gets copied to Low. The sailor is cleared
High, but the *-property is not applied to the person (We trust the
people), only to the computer (It's the computer we worry about). Of
course, all is lost if the sailor is a spy.
My understanding is that this approach has largely been abandonded for
anything but low volume data because nobody has been able to automate
the classification downgrading process.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list