Re: The Demise of Simple Assurance?

From: Jesse Pollard (pollardat_private)
Date: Fri Aug 03 2001 - 05:30:08 PDT

  • Next message: Casey Schaufler: "Re: Making forward progress"

    dawat_private (David Wagner):
    > Casey Schaufler  wrote:
    > >Let us not forget our real-time embedded friends,
    > >who want the null security policy.
    > >[...] a DAC module which does no
    > >checks but always returns success speeds them up.
    > Do you have any proof of this?  I'm skeptical that the difference is
    > noticeable under common usage, but without measurements, I don't know
    > how to evaluate this claim either way.
    I'm not so sure of the speed, but definitely the memory consumption.
    When I worked in embeded systems, we had to keep the kernel (wasn't linux)
    under 4K, and were always squeezed for ROM storage. Although the resident
    memory constraints are not that bad, ROM storage is still limited. Having
    the DAC present also means that you are always programming with the view
    that any protection accidentally imposed can prevent the target from
    functioning properly..
    Jesse I Pollard, II
    Email: pollardat_private
    Any opinions expressed are solely my own.
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 05:31:34 PDT