Re: Trusted Unices Aren't?

[David Collier-Brown <davecb () canada sun com>]

Paul D. Robertson wrote:
> I've always been surprised that nobody has jumped on the "secure Web
> server" market, especially in the commerce environments.  Anyway, just in
> case anyone's interested in looking at some OS features that start to
> approach the alphabet soup model, an interesting project (Ruleset Based
> Access Control) in that regard is at:
> http://agn-www.informatik.uni-hamburg.de/people/1ott/rsbac/

        Methinks the initial hurdle is too high, as measured 
        in dollars.

        MAC, trusted path and some related work, applied to
        a non-trustable OS, might make a very nice kind of
        web server. In fact, if there was a credible standard
        and an implementation, it would make a good combined
        server and firewall.  

        Borrowing from the ``medieval city'' metaphor, the
        machine would serve as the gate, the public market 
        inside the gate, and the gate in the inner marketplace
        wall. You still have to hire some spear-carriers
        to stand at the gate and catch theives, though.

--dave
-- 
David Collier-Brown,  | Always do right. This will gratify some people
185 Ellerslie Ave.,   | and astonish the rest.        -- Mark Twain
Willowdale, Ontario   | davecb () hobbes ss org, canada.sun.com
N2M 1Y3. 416-223-8968 | http://java.science.yorku.ca/~davecb