Tech-kern removed from CC list.

On 8/25/06, Steven M. Bellovin <smb@cs.columbia.edu> wrote:
> I do think, though, that MLS solves a problem that no one has anymore.
> That is, it's a security mechanism designed (a) for mainframes, (b) with
> timesharing terminals if necessary, (c) mostly without networks, and (d)
> useful at most for the Defense Department, and generally not even for
> them.

While it's true that computers are cheap and having multiple computers
for different tasks is cheaper than it was for mainframes, the problem
of moving data between classification levels/networks is still a big
problem.  I speak from recent experience.

It's not that it's inapplicable to modern systems; for example, your
private crypto keys might warrant a higher protection level than log
files for sendmail, or credit card numbers might warrant higher
protection than other transactional data that an e-commerce site might
collect.  The trick is that it has to be moved from one level to
another in a very careful manner.  Another example; currently I have
filters in place to prevent my LAN traffic from leaking out over the
WAN link.  I do this based on IP addresses, but if all my LAN machines
tagged their packets with a classification level, it would
theoretically be even easier to filter it from leaking out the WAN
link, were the proper machinations in place.  The idea of data leakage
is serious, and I have seen it in just about everything from RFC822
headers to etherleak to internal Usenet news groups suddenly appearing
worldwide.
-- 
"If you're not part of the solution, you're part of the precipitate."
Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484