The URL was apparently scrambled below. For the SB episode try:
http://bit.ly/SB-chandu
gem
On 8/31/15, 12:51 PM, "SC-L on behalf of Gary McGraw"
wrote:
>hi sc-l,
>
>The new episode of Silver Bullet features a conversation
Yes, we seem to abandon security mechanisms that (1) we can actually trust, and
(2) that Microsoft and Google refuse to build.
===
Karen Mercedes Goertzel, CISSP, CSSLP
Senior Lead Scientist
Booz Allen Hamilton
703.698.7454
goertzel_ka...@bah.com
"The hardest thing of all is to
find a black cat
Reference monitors were a lovely concept, largely invented for multilevel
security kernels and trusted computing bases, but are almost nonexistent
in that context. Yes, they'd be lovely to have, but even the NSA folks
seem to have abandoned them...
___
As far as I know, Microsoft integrated some reference monitoring into their OS
family under Fred Schneider’s guidance. They called it “inline reference
monitoring” and I believe they still use it.
gem
On 9/8/15, 8:49 AM, "SC-L on behalf of Goertzel, Karen [USA]"
It's been there since Windows NT 4.0, and is used with mandatory integrity
labels to enforce a mandatory integrity policy so that subjects with a lower
integrity label cannot access (and, most importantly, cannot modify) objects
with higher integrity labels.
It also exists separate from the
On Tue, Sep 8, 2015 at 7:44 PM, Gary McGraw wrote:
> As far as I know, Microsoft integrated some reference monitoring into their
> OS family under Fred Schneider’s guidance. They called it “inline reference
> monitoring” and I believe they still use it.
A related work by