[E-Lang] Migration and Una (was: E FAQ)

[Mark S Miller]

At 09:42 PM Sunday 9/30/01, Jonathan S. Shapiro wrote:
>> Btw, in light of previous discussions on e-lang, we may want to rephrase
>> this as "mutually reliant UTCBs".
>
>Actually, term "TCB" is now considered obsolete in the assurance community.
>The term du jour is now TSF, for Trusted Security Functions.

Is this just a relabelling, or does it have a different definition?  Is 
"TCB" considered obsolete for a good reason, or is it just fashion?  Should 
we now say UTSF for those parts of a system on which all the rest of the 
system necessarily relies on / is at the mercy of?  Or should we just coin a 
new term, like "reliance base" or something?


>It is also now clear to me why we had such trouble with the idea of nested
>TCBs. Neither the TCSEC nor Common Criteria language lends itself to
>object-oriented structure. The deeper I get into assurance the more
>convinced I become that fundamental work is needed in this area.

Sounds interesting.  What do you have in mind?

What should one read to learn the perspectives of the assurance community?



        Cheers,
        --MarkM