[Novalug] Filesystem encryption vs. MLS (Multi-Level Security)
Tux subscriber Dave Aronson
tux2dave at davearonson.com
Wed Aug 1 09:15:14 EDT 2007
Mark Smith [mailto:mark at winksmith.com] writes:
> i'm actually a little surprised that MAC (multi-level) protections
> didn't take hold any better. i did a lot of work on that a few
> years ago.
Then you should recall what a pain in the proverbial posterior it often is, to plan out what levels to use for what! (Even worse if you're also planning out categories, plus *integrity* levels and categories.) Ease of use trumps security almost every time, even in security applications. (Insert your own Windows joke here, folks.)
> that kind of protection might have done a better job
> at protecting without the overhead of encryption.
CPU overhead, yes. Human effort overhead, no.
-Dave
--
Dave Aronson
"Specialization is for insects." -Heinlein
Work: http://www.davearonson.com/
Play: http://www.davearonson.net/
More information about the Novalug
mailing list