Re: NSA - Spook Linux


From: don@research-cistw.saic.com (Don)
Subject: Re: NSA - Spook Linux
Date: Tue, 9 Jan 2001 18:30:29 -0800 (PST)

Next Article (by Author): Válasz:_Re:_New_RSBAC_paper_uploaded ghorvath@minolta.hu
Previous Article (by Author): Pay nothing for your conference calls! 8616 conferencing@hubang.com
Top of Thread: NSA - Spook Linux "Furmanek, Greg"
Next in Thread: Re: NSA - Spook Linux Amon Ott
Articles sorted by: [Date] [Author] [Subject]


Stephen Smalley <sds@tislabs.com> said:

> In comparison to traditional lattice-based models like BLP and Biba, Type
> Enforcement is better suited to providing integrity protection, especially

I disagree. While forms of type enforcement are not the correct schema for
an information flow model, there is surprising power in simply keeping
compartments from interacting. My ramblings on the subject may be found at
http://research-cistw.saic.com/cace/dte.html.

You may remember me as the person who won in CTF server at Defcon last year
for giving out rootshells on a linux box with DTE, an implementation I've
written independantly. It's described at
http://www.subterrain.net/~palante/defcon8.html. I'd be happy to discuss
variations further... However I do agree with what you said about making
applications unbypassable and tamperproof.. It is definately a strength.

Ps the kernel oops I describe was an overflow due to some quirky behavior
of the way I was doing things. Fortunately I fixed it *before* showing it
off to the world... Tsk Tsk Tsk NSA..
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Author): Válasz:_Re:_New_RSBAC_paper_uploaded ghorvath@minolta.hu
Previous Article (by Author): Pay nothing for your conference calls! 8616 conferencing@hubang.com
Top of Thread: NSA - Spook Linux "Furmanek, Greg"
Next in Thread: Re: NSA - Spook Linux Amon Ott
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.