Re: [SC-L] Silver Bullet 113: Chandu Ketkar

2015-09-08 Thread Gary McGraw
The URL was apparently scrambled below. For the SB episode try: http://bit.ly/SB-chandu

gem

On 8/31/15, 12:51 PM, "SC-L on behalf of Gary McGraw" wrote:
> hi sc-l,
>
> The new episode of Silver Bullet features a conversation

Re: [SC-L] [External] Re: SearchSecurity: Dynamism

2015-09-08 Thread Goertzel, Karen [USA]
Yes, we seem to abandon security mechanisms that (1) we can actually trust, and (2) that Microsoft and Google refuse to build.

===
Karen Mercedes Goertzel, CISSP, CSSLP
Senior Lead Scientist
Booz Allen Hamilton
703.698.7454
goertzel_ka...@bah.com

"The hardest thing of all is to find a black cat

Re: [SC-L] [External] Re: SearchSecurity: Dynamism

2015-09-08 Thread Peter G. Neumann
Reference monitors were a lovely concept, largely invented for multilevel security kernels and trusted computing bases, but are almost nonexistent in that context. Yes, they'd be lovely to have, but even the NSA folks seem to have abandoned them...

Re: [SC-L] [External] Re: SearchSecurity: Dynamism

2015-09-08 Thread Gary McGraw
As far as I know, Microsoft integrated some reference monitoring into their OS family under Fred Schneider’s guidance. They called it “inline reference monitoring” and I believe they still use it.

gem

On 9/8/15, 8:49 AM, "SC-L on behalf of Goertzel, Karen [USA]"

Re: [SC-L] [External] Re: SearchSecurity: Dynamism

2015-09-08 Thread Goertzel, Karen [USA]
It's been there since Windows NT 4.0, and is used with mandatory integrity labels to enforce a mandatory integrity policy so that subjects with a lower integrity label cannot access (and, most importantly, cannot modify) objects with higher integrity labels. It also exists separate from the

Re: [SC-L] [External] Re: SearchSecurity: Dynamism

2015-09-08 Thread Alfonso De Gregorio
On Tue, Sep 8, 2015 at 7:44 PM, Gary McGraw wrote:
> As far as I know, Microsoft integrated some reference monitoring into their
> OS family under Fred Schneider’s guidance. They called it “inline reference
> monitoring” and I believe they still use it.

A related work by