1998-12-29-11:52:03 Paul D. Robertson:
> For me, there are two things that make trusted-model systems (especially
> MLS) interesting, the first is being able to sandbox untrusted code fairly
> effectively - especially for core services like DNS, the second is to start
> in on real, secure, transactional Web-based systems.

Whereas I'm less interested in either of those categories of problem --- they
both have the feature that they can be centralized sufficiently to let you go
to some draconian configuration extremes to buy reasonable security with
traditional OSes.

Where _I'm_ most excited about the prospects for newer, finer-grained security
controls is in problems that resist the best efforts without them: deploying
the controls onto end-user workstations to sandbox insecure end-user apps.
Starting with %*@&ing web browsers with their insecure applet implementations.

The best I've been able to come up with to date is deploying an outbound-only
sandbox machine in the DMZ, giving users ssh access to it through a tunnel,
and letting them run a browser that can be savaged by Java and JavaScript
remote displayed to their desktop. That's got a lot of problems, needless to
say.

-Bennett