Secure Coding mailing list archives
Re: [External] Re: SearchSecurity: Dynamism
From: Gary McGraw <gem () cigital com>
Date: Tue, 8 Sep 2015 19:44:40 +0000
As far as I know, Microsoft integrated some reference monitoring into their OS family under Fred Schneider’s guidance. They called it “inline reference monitoring” and I believe they still use it. gem On 9/8/15, 8:49 AM, "SC-L on behalf of Goertzel, Karen [USA]" <sc-l-bounces () securecoding org on behalf of goertzel_karen () bah com> wrote:
Yes, we seem to abandon security mechanisms that (1) we can actually trust, and (2) that Microsoft and Google refuse to build. === Karen Mercedes Goertzel, CISSP, CSSLP Senior Lead Scientist Booz Allen Hamilton 703.698.7454 goertzel_karen () bah com "The hardest thing of all is to find a black cat in a dark room, especially if there is no cat." - Confucius ________________________________________ From: Peter G. Neumann [neumann () csl sri com] Sent: 06 September 2015 15:24 To: Goertzel, Karen [USA] Cc: Alfonso De Gregorio; Johan Peeters; Secure Code Mailing List Subject: Re: [SC-L] [External] Re: SearchSecurity: Dynamism Reference monitors were a lovely concept, largely invented for multilevel security kernels and trusted computing bases, but are almost nonexistent in that context. Yes, they'd be lovely to have, but even the NSA folks seem to have abandoned them... _______________________________________________ Secure Coding mailing list (SC-L) SC-L () securecoding org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
_______________________________________________ Secure Coding mailing list (SC-L) SC-L () securecoding org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
Current thread:
- Re: [External] Re: SearchSecurity: Dynamism Peter G. Neumann (Sep 08)
- Re: [External] Re: SearchSecurity: Dynamism Goertzel, Karen [USA] (Sep 08)
- Re: [External] Re: SearchSecurity: Dynamism Gary McGraw (Sep 08)
- Re: [External] Re: SearchSecurity: Dynamism Goertzel, Karen [USA] (Sep 08)
- Re: [External] Re: SearchSecurity: Dynamism Alfonso De Gregorio (Sep 08)
- Re: [External] Re: SearchSecurity: Dynamism Gary McGraw (Sep 08)
- Re: [External] Re: SearchSecurity: Dynamism Goertzel, Karen [USA] (Sep 08)