Subject: Re: SE Linux vs SE NetBSD !!
To: Travis H. <solinym@gmail.com>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-security
Date: 08/25/2006 17:15:07
On Fri, 25 Aug 2006 16:07:28 -0500, "Travis H." <solinym@gmail.com> wrote:

> Tech-kern removed from CC list.
> 
> On 8/25/06, Steven M. Bellovin <smb@cs.columbia.edu> wrote:
> > I do think, though, that MLS solves a problem that no one has anymore.
> > That is, it's a security mechanism designed (a) for mainframes, (b) with
> > timesharing terminals if necessary, (c) mostly without networks, and (d)
> > useful at most for the Defense Department, and generally not even for
> > them.
> 
> While it's true that computers are cheap and having multiple computers
> for different tasks is cheaper than it was for mainframes, the problem
> of moving data between classification levels/networks is still a big
> problem.  I speak from recent experience.
> 
> It's not that it's inapplicable to modern systems; for example, your
> private crypto keys might warrant a higher protection level than log
> files for sendmail, or credit card numbers might warrant higher
> protection than other transactional data that an e-commerce site might
> collect.  The trick is that it has to be moved from one level to
> another in a very careful manner.  Another example; currently I have
> filters in place to prevent my LAN traffic from leaking out over the
> WAN link.  I do this based on IP addresses, but if all my LAN machines
> tagged their packets with a classification level, it would
> theoretically be even easier to filter it from leaking out the WAN
> link, were the proper machinations in place.  The idea of data leakage
> is serious, and I have seen it in just about everything from RFC822
> headers to etherleak to internal Usenet news groups suddenly appearing
> worldwide.

The only thing I disagree with in what you just wrote is that MLS solves
the problem in any useful fashion.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
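As an added illustration, not code from either correspondent, the following Python models the two egress rules Travis contrasts above: an address-based filter that blocks anything sourced from the LAN prefixes, and a label-based filter that applies the MLS "no write down" rule (the WAN link may carry a packet only if the link's label dominates the packet's label). The level hierarchy, compartments, prefixes, addresses (drawn from the RFC 5737 documentation ranges) and payloads are all constructed assumptions for the example.

```python
"""Added illustration: address-based vs label-based egress filtering.

Constructed for the discussion above; not code from the mailing-list thread.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed, minimal hierarchy of sensitivity levels (ordinal rank).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2}


@dataclass(frozen=True)
class Label:
    """A sensitivity label: a level plus a set of need-to-know compartments."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Lattice order: higher-or-equal level AND a superset of compartments.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    label: Label
    payload: bytes


# Assumed internal prefixes for the address-based rule (RFC 1918 space).
LAN_PREFIXES = [ip_network("192.168.1.0/24"), ip_network("10.0.0.0/8")]

# Assumed label of the WAN link: unclassified, no compartments.
WAN_LABEL = Label("UNCLASSIFIED")


def ip_filter_allows(pkt: Packet) -> bool:
    """Address-based egress: drop anything whose source is in a LAN prefix."""
    src = ip_address(pkt.src)
    return not any(src in net for net in LAN_PREFIXES)


def label_filter_allows(pkt: Packet, egress: Label = WAN_LABEL) -> bool:
    """Label-based egress ('no write down'): the link's label must dominate
    the packet's label, regardless of the packet's addresses."""
    return egress.dominates(pkt.label)


def decide(pkt: Packet) -> tuple[bool, bool]:
    """Return (address_rule_allows, label_rule_allows) for one packet."""
    return ip_filter_allows(pkt), label_filter_allows(pkt)


# Constructed sample traffic; 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges, not real hosts.
SAMPLE_PACKETS = [
    # LAN host sending public data: the address rule drops it even though
    # nothing sensitive is leaving; the label rule lets it through.
    Packet("192.168.1.10", "198.51.100.1", Label("UNCLASSIFIED"), b"GET / HTTP/1.0"),
    # A publicly addressed relay forwarding SECRET data: the address rule
    # cannot see the problem, the label rule can.
    Packet("203.0.113.5", "198.51.100.1", Label("SECRET"), b"plans.pdf"),
    # LAN host sending SECRET data: both rules drop it.
    Packet("192.168.1.20", "198.51.100.1", Label("SECRET"), b"plans.pdf"),
    # Unclassified level, but in a compartment the WAN link does not hold.
    Packet("203.0.113.7", "198.51.100.1",
           Label("UNCLASSIFIED", frozenset({"KEYS"})), b"-----BEGIN PRIVATE KEY-----"),
]


def run_all() -> list[tuple[bool, bool]]:
    """Evaluate both rules over the constructed sample traffic."""
    return [decide(p) for p in SAMPLE_PACKETS]


if __name__ == "__main__":
    for pkt, (by_ip, by_label) in zip(SAMPLE_PACKETS, run_all()):
        print(f"{pkt.src:>14} {pkt.label.level:<13} "
              f"ip-rule={'pass' if by_ip else 'drop'} "
              f"label-rule={'pass' if by_label else 'drop'}")
```

The second and fourth sample packets are the cases where the two rules diverge: the address rule decides on where a packet came from, the label rule on what it carries. The label rule is only as good as the labels, though; it presumes every host tags honestly and that the tag survives intact to the boundary, which is the "proper machinations" the quoted message alludes to.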