John, I don't believe that was quite true. I believe you are interpreting Bell-LaPadula as an overall security policy, when in fact it was strictly an access control policy, as were most COMPUSEC policies. The US Government's classification system is in fact part of an access control policy. High Assurance is achieved when it can be shown that the security policy for a platform is rigorously enforced by the security mechanisms... regardless of what that security policy may be. Even the access control policy which says "no flow down" can be "bent" in real world situations when the situation demands. Things are never just black and white (or perhaps I should say black and red).
________________________________
From: Davidson, John A. [[email protected]]
Sent: Monday, May 23, 2011 10:06 AM
To: [email protected]
Subject: Re: [cicm] BoF Request for CICM at IETF 81

The conventional COMPUSEC view of high assurance was that - it was indicated where the Policy had to be enforced for certain (mandatory) e.g. no flow down tolerated.

----- Original Message -----
From: [email protected] <[email protected]>
To: CICM Discussion List <[email protected]>
Sent: Mon May 23 05:27:45 2011
Subject: Re: [cicm] BoF Request for CICM at IETF 81

Richard,

On 2011-05-22 at 06:36, Richard Graveman wrote:
> It seems to me that high assurance may well be needed in cases with
> only one domain. Is that out of scope?

Single domain use cases are definitely in scope; but they are very similar (conceptually) to existing commercial crypto APIs. The ability to separate domains is what sets CICM apart.

See:

"2.3. Single Security Domain" in CICM Logical Model
http://tools.ietf.org/html/draft-lanz-cicm-lm-00#section-2.3

"18. Single-Domain" in CICM Channel Management
http://tools.ietf.org/html/draft-lanz-cicm-cm-00#section-18

Lev

_______________________________________________
cicm mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cicm
