On Tue, Sep 8, 2015 at 7:44 PM, Gary McGraw wrote:
> As far as I know, Microsoft integrated some reference monitoring into their
> OS family under Fred Schneider’s guidance. They called it “inline reference
> monitoring” and I believe they still use it.
A related work by Microsoft is BrowserSh
_
From: Gary McGraw [g...@cigital.com]
Sent: 08 September 2015 15:44
To: Goertzel, Karen [USA]; Peter G. Neumann
Cc: Secure Code Mailing List
Subject: Re: [SC-L] [External] Re: SearchSecurity: Dynamism
As far as I know, Microsoft integrated some reference monitoring into their OS
family un
c: Alfonso De Gregorio; Johan Peeters; Secure Code Mailing List
>Subject: Re: [SC-L] [External] Re: SearchSecurity: Dynamism
>
>Reference monitors were a lovely concept, largely invented for multilevel
>security kernels and trusted computing bases, but are almost nonexistent
>in
k cat in a dark room,
especially if there is no cat."
- Confucius
From: Peter G. Neumann [neum...@csl.sri.com]
Sent: 06 September 2015 15:24
To: Goertzel, Karen [USA]
Cc: Alfonso De Gregorio; Johan Peeters; Secure Code Mailing List
Subject: Re: [SC-L]
Reference monitors were a lovely concept, largely invented for multilevel
security kernels and trusted computing bases, but are almost nonexistent
in that context. Yes, they'd be lovely to have, but even the NSA folks
seem to have abandoned them...
___
S
Does anyone else remember "reference monitors"?
What an old-fashioned idea. But they'd certainly solve a lot of problems.
===
Karen Mercedes Goertzel, CISSP, CSSLP
Senior Lead Scientist
Booz Allen Hamilton
703.698.7454
goertzel_ka...@bah.com
"The hardest thing of all is to
find a black cat in a