Re: [External] Re: SearchSecurity: Dynamism

["Goertzel, Karen [USA]" <goertzel_karen () bah com>]

It's been there since Windows NT 4.0, and is used with mandatory integrity labels to enforce a mandatory integrity 
policy so that subjects with a lower integrity label cannot access (and, most importantly, cannot modify) objects with 
higher integrity labels. 

It also exists separate from the Windows DAC ACL, which is what seems to govern user access to data files. One gets the 
impression it is intended to be used to protect DLL executables against modification by unauthorized processes, which 
is a worthy usage, but doesn't do anything for sensitivity- or privacy-based control of information flow.



===
Karen Mercedes Goertzel, CISSP, CSSLP
Senior Lead Scientist
Booz Allen Hamilton
703.698.7454
goertzel_karen () bah com

"The hardest thing of all is to
find a black cat in a dark room,
especially if there is no cat."
- Confucius


________________________________________
From: Gary McGraw [gem () cigital com]
Sent: 08 September 2015 15:44
To: Goertzel, Karen [USA]; Peter G. Neumann
Cc: Secure Code Mailing List
Subject: Re: [SC-L] [External] Re: SearchSecurity: Dynamism

As far as I know, Microsoft integrated some reference monitoring into their OS family under Fred Schneider’s guidance.  
They called it “inline reference monitoring” and I believe they still use it.

gem




On 9/8/15, 8:49 AM, "SC-L on behalf of Goertzel, Karen [USA]" <sc-l-bounces () securecoding org on behalf of 
goertzel_karen () bah com> wrote:

> Yes, we seem to abandon security mechanisms that (1) we can actually trust, and (2) that Microsoft and Google refuse 
> to build.
>
> ===
> Karen Mercedes Goertzel, CISSP, CSSLP
> Senior Lead Scientist
> Booz Allen Hamilton
> 703.698.7454
> goertzel_karen () bah com
>
> "The hardest thing of all is to
> find a black cat in a dark room,
> especially if there is no cat."
> - Confucius
>
>
> ________________________________________
> From: Peter G. Neumann [neumann () csl sri com]
> Sent: 06 September 2015 15:24
> To: Goertzel, Karen [USA]
> Cc: Alfonso De Gregorio; Johan Peeters; Secure Code Mailing List
> Subject: Re: [SC-L] [External] Re: SearchSecurity: Dynamism
>
> Reference monitors were a lovely concept, largely invented for multilevel
> security kernels and trusted computing bases, but are almost nonexistent
> in that context.  Yes, they'd be lovely to have, but even the NSA folks
> seem to have abandoned them...
>
> _______________________________________________
> Secure Coding mailing list (SC-L) SC-L () securecoding org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> as a free, non-commercial service to the software security community.
> Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
> _______________________________________________

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________