"The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments", published by six NSA employees, was published at the 21st National Information Systems Security Conference in October, in Arlington, Virginia, USA. (See <URL:http://csrc.nist.gov/nissc/1998/> and <URL:http://csrc.nist.gov/nissc/1998/papers.html> for more on the conference.) The paper is available in HTML at <URL:http://www.jya.com/paperF1.htm> and in PDF at <URL:http://csrc.nist.gov/nissc/1998/proceedings/paperF1.pdf>. It discusses, among other things: - why mandatory security mechanisms are useful outside the context of classification levels, even on single-user systems; - trusted-path mechanisms, like the PASSCRED stuff recently implemented in Linux and NT's Ctrl-Alt-Del login feature. -- <kragenat_private> Kragen Sitaker <http://www.pobox.com/~kragen/> Silence may not be golden, but at least it's quiet. Don't speak unless you can improve the silence. I have often regretted my speech, never my silence. -- Adam Rifkin, <adamat_private>
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:24:55 PDT