[cap-talk] Capabilities and the NCSC Trusted Computer Security Evaluation Criteria (TCSEC)
btulloh at gmail.com
Sun Nov 5 07:01:17 CST 2006
On 11/4/06, David Wagner <daw at cs.berkeley.edu> wrote:
> A personal opinion:
> The TCSEC requirements are most irrelevant to modern computer security in
> the commercial world. They're a waste of time. Every second you spend
> trying to comply with TCSEC is one second forever lost from your lifespan.
> They're not worth the brain cells; don't bother.
Interestingly, this also seems to be the opinion of Virgil Gligor, the
lead author of the "Traditional Capability Systems" report. He
recently led a panel at the 2006 Usenix Security conference on "Major
Security Blunders of the Past 30 Years." Multi-level secure systems
were his number 2 example.
You can find the MP3 of the panel online. The relevant section starts
at about 23:00.
He claimed the main problem was that there was no market for MLS
systems (operating systems, databases, applications) -- "absolutely
none, not even in the military." This was because they were too hard
to use and they broke off-the-shelf applications. He gives a
conservative estimate of the cost of this blunder of between $4-9
billion from 1980-1996.
He also asks: why should we care? His answer: it largely drained
security funding for about 15 years, and led to a massive R&D
distraction. Since there was no market, there was no market
discipline, and the wrong R&D bets went unpunished.
It seems to me that part of what it did was distract R&D away from