Hi Tim, One needs to look at where caching is applied and what type. A memory cache could care less about who owns the data; IO caching is tailored to the IO subsystems; File System caching depends on the file system, e.g., distributed and journaling; application caching is probably a bigger application for security, e.g., separating users is feasible.
Other security techniques can be applied to resource caching if deemed necessary. Restricted file systems for 'cached' data can do more than encryption, e.g., fragment, has and encrypt. Regards! -Thomas Clark Tim Cook wrote: >On Sat, 2004-03-06 at 14:17, Tim Churches wrote: > > >>In general, caches should be >>held on encrypted filesystems, either on-disc or in-memory, with the >>keys (or a key to the keys) to the encryption/decryption managed by a >>daemon which purges the keys from memory when asked (eg locking the >>device) or automatically after a short period of disuse. >> >> > >Well, now that would certainly be a secure way to handle caching. If I >were worrying about national secrets. > >Do you go to this extreme now (as a manager) when doing your risk >assessments? I am wondering what the total (additional) costs of system >design and hardware resources is when these facilities are implemented. > >I think that in most cases we can reliably depend on locked doors and >holding people responsible for protecting data they are entrusted with. >I will agree that security training needs to include this awareness so >that users know how to properly store each of these devices when not in >use. > >Later, >Tim > >- >If you have any questions about using this list, >please send a message to d.lloyd at openehr.org > > > - If you have any questions about using this list, please send a message to d.lloyd at openehr.org
