[Novalug] Filesystem encryption vs. MLS (Multi-Level Security)
gregory pryzby
greg at pryzby.org
Wed Aug 1 09:21:28 EDT 2007
On Wed, Aug 01, 2007 at 01:15:14PM +0000, Tux subscriber Dave Aronson wrote:
> Mark Smith [mailto:mark at winksmith.com] writes:
>
> > i'm actually a little surprised that MAC (multi-level) protections
> > didn't take hold any better. i did a lot of work on that a few
> > years ago.
>
> Then you should recall what a pain in the proverbial posterior it often is, to plan out what levels to use for what! (Even worse if you're also planning out categories, plus *integrity* levels and categories.) Ease of use trumps security almost every time, even in security applications. (Insert your own Windows joke here, folks.)
>
> > that kind of protection might have done a better job
> > at protecting without the overhead of encryption.
>
> CPU overhead, yes. Human effort overhead, no.
However, if you want security, you need to understand what access
needs to be given and from there, the human effort to implement is
less. There is still all the up front work though.
Just encrypting doesn't solve the problem on a system w/ multiple
users.
Anyway, security and ease of use are directly inproportional (hope I
spelled it right!).
--
greg pryzby greg at pryzby dot org
fingerprint: 8A1A DB90 869F 5DD1 D6E9 EEB6 C156 6B04 849F A86F
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://calypso.tux.org/pipermail/novalug/attachments/20070801/a3f542a5/attachment.pgp
More information about the Novalug
mailing list