At 8:58 AM -0500 9/29/97, Bennett Todd wrote:
>I think something that's closer to implementable, and that may just give us
>the boost we need to last for another decade or two, will be a richer security
>infrastructure. There's a basic concept out there, for which I don't have a
>good name; it lies underneath the Mandatory Access Control notions of the
>rainbow book series, and TIS's Domain Type Enforcement. It also lies behind
>the dataflow security implementation in Perl.
I'm not sure that's an accurate interpretation of TIS' Domain Type
Enforcement. The basic concept is derived from SCC's type enforcement which
*is* a mandatory access control mechanism operating in a reference monitor
context. TIS' work essentially applied it to access controls in a
networking context. Perhaps a TIS person could give their own opinion, but
the two are different.
Rick.
smith_at_securecomputing.com secure computing corporation
"Internet Cryptography" in bookstores http://www.visi.com/crypto/
Received on Oct 02 1997
Intro
