Re: [SC-L] [External] Re: SearchSecurity: Dynamism

k cat in a dark room, especially if there is no cat." - Confucius From: Peter G. Neumann [neum...@csl.sri.com] Sent: 06 September 2015 15:24 To: Goertzel, Karen [USA] Cc: Alfonso De Gregorio; Johan Peeters; Secure Code Mailing List Subject: Re: [SC-L]

Re: [SC-L] [External] Re: SearchSecurity: Dynamism

Reference monitors were a lovely concept, largely invented for multilevel security kernels and trusted computing bases, but are almost nonexistent in that context. Yes, they'd be lovely to have, but even the NSA folks seem to have abandoned them... ___

Re: [SC-L] [External] Re: SearchSecurity: Dynamism

t;Sent: 06 September 2015 15:24 >To: Goertzel, Karen [USA] >Cc: Alfonso De Gregorio; Johan Peeters; Secure Code Mailing List >Subject: Re: [SC-L] [External] Re: SearchSecurity: Dynamism > >Reference monitors were a lovely concept, largely invented for multilevel >security kernels and

Re: [SC-L] [External] Re: SearchSecurity: Dynamism

From: Gary McGraw [g...@cigital.com] Sent: 08 September 2015 15:44 To: Goertzel, Karen [USA]; Peter G. Neumann Cc: Secure Code Mailing List Subject: Re: [SC-L] [External] Re: SearchSecurity: Dynamism As far as I know, Microsoft integrated some reference monitoring into their OS family under Fred S

Re: [SC-L] [External] Re: SearchSecurity: Dynamism

On Tue, Sep 8, 2015 at 7:44 PM, Gary McGraw wrote: > As far as I know, Microsoft integrated some reference monitoring into their > OS family under Fred Schneider’s guidance. They called it “inline reference > monitoring” and I believe they still use it. A related work by

Re: [SC-L] [External] Re: SearchSecurity: Dynamism

Does anyone else remember "reference monitors"? What an old-fashioned idea. But they'd certainly solve a lot of problems. === Karen Mercedes Goertzel, CISSP, CSSLP Senior Lead Scientist Booz Allen Hamilton 703.698.7454 goertzel_ka...@bah.com "The hardest thing of all is to find a black cat in a