[cap-talk] What does the [defense?] security community really fear from capabilities? (was: Support of MLS policies (was Re: NLTSS))

Jonathan S. Shapiro shap at eros-os.com
Fri Jul 13 07:45:54 EDT 2007 

On Thu, 2007-07-12 at 11:18 -0700, Jed Donnelley wrote:
> Jonathan S. Shapiro wrote: 
> > On Thu, 2007-07-12 at 16:20 +0200, Pierre THIERRY wrote:
> >   
> > > Scribit Jed Donnelley dies 11/07/2007 hora 16:52:
> > >     
> > > > However, at the time vendors were working hard on supporting MLS
> > > > policies and it was widely believed that support for such facilities
> > > > would be available in those commercially available systems
> > > >       
> > > If I understand correctly, to summarize, caps were disregarded because
> > > they had been considered unable to support MLS policies in favour of ACL
> > > systems, which at that time did not support MLS policies yet.
> > >     
> > 
> > Not quite. Caps were disregarded because it was believed that they were
> > unable **in principle** to support MLS.
> >   
> The above is a considerable over simplification.

I agree. I was trying to respond in context to Pierre's specific
question.

While I agree with much of Jed's diatribe on this topic - we seem to
have hit a widely shared tender nerve here -- I suggest that it isn't
productive to fight a 30 year old political battle. Most of the
opposition is dead or retired, and the only reason that people today
will know about that report is that Jed scanned it and put it online.:-)

To the extent that there are factual issues (statements that are wrong)
or bad science (FUD) in that document, it is worth organizing a rebuttal
document. At this point, I think that cause and motives are largely a
dead issue.

I did once have occasion to talk to Virgil Gligor about some of this
stuff (though not about the report specifically). Part of what we all
need to remember is that these authors were charged with a very serious
and very real problem. They had to come up with a recommendation in an
environment where capability ideas were not widely circulated. In 1974,
when this report was funded, KeyKOS was only just getting first funding.
Outside of Cambridge, UK, which was never a group that published much,
the ideas we now take for granted in cap systems were not known to the
community at large (and still aren't).

It would have been much better for that report to have said "We see the
following issues, we are not aware that solutions exist for them." But
try to remember that the authors were very young in their careers. The
ability to admit lack of knowledge is a hard thing for anyone, harder
for early-stage scientists, and the stakes involved were really high.

shap
-- 
Jonathan S. Shapiro, Ph.D.
Managing Director
The EROS Group, LLC

More information about the cap-talk mailing list