[cap-talk] Support of MLS policies (was Re: NLTSS)

Jonathan S. Shapiro shap at eros-os.com
Thu Jul 12 10:41:36 EDT 2007


On Thu, 2007-07-12 at 16:20 +0200, Pierre THIERRY wrote:
> Jed Donnelley wrote on 11/07/2007 at 16:52:
> > However, at the time vendors were working hard on supporting MLS
> > policies and it was widely believed that support for such facilities
> > would be available in those commercially available systems
> 
> If I understand correctly, to summarize, caps were disregarded because
> they had been considered unable to support MLS policies in favour of ACL
> systems, which at that time did not support MLS policies yet.

Not quite. Caps were disregarded because it was believed that they were
unable **in principle** to support MLS.

> Did any ACL system ever support MLS policies after that?

Yes. Several. The Wang/XTS Stop system, the Multics system, Trusted
Xenix, others.

> Does any
> ACL system still in use now support them?

Yes, though none at the level of assurance achieved by the three I named
above. Primary example would probably be Trusted Solaris.

> What systems do the military
> use currently (or any other community highly concerned by security)?

As I understand matters, they were forced into single-level OS's
supported by multilevel networks. At the moment, it's basically "one
machine, one compartment", and the network infrastructure implements
distributed compartments. Where this is not feasible, everything runs
"system high".

A notable exception is some recent work by Rockwell-Collins, which
implements separation kernels in *hardware*.

shap


