As far as I know, Microsoft integrated some reference monitoring into their OS family under Fred Schneider’s guidance. They called it “inline reference monitoring” and I believe they still use it.
gem On 9/8/15, 8:49 AM, "SC-L on behalf of Goertzel, Karen [USA]" <sc-l-boun...@securecoding.org on behalf of goertzel_ka...@bah.com> wrote: >Yes, we seem to abandon security mechanisms that (1) we can actually trust, >and (2) that Microsoft and Google refuse to build. > >=== >Karen Mercedes Goertzel, CISSP, CSSLP >Senior Lead Scientist >Booz Allen Hamilton >703.698.7454 >goertzel_ka...@bah.com > >"The hardest thing of all is to >find a black cat in a dark room, >especially if there is no cat." >- Confucius > > >________________________________________ >From: Peter G. Neumann [neum...@csl.sri.com] >Sent: 06 September 2015 15:24 >To: Goertzel, Karen [USA] >Cc: Alfonso De Gregorio; Johan Peeters; Secure Code Mailing List >Subject: Re: [SC-L] [External] Re: SearchSecurity: Dynamism > >Reference monitors were a lovely concept, largely invented for multilevel >security kernels and trusted computing bases, but are almost nonexistent >in that context. Yes, they'd be lovely to have, but even the NSA folks >seem to have abandoned them... > >_______________________________________________ >Secure Coding mailing list (SC-L) SC-L@securecoding.org >List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l >List charter available at - http://www.securecoding.org/list/charter.php >SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) >as a free, non-commercial service to the software security community. >Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates >_______________________________________________ _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________