info please part 2

Paris Stefas parisstc at hotmail.com
Wed Dec 18 19:57:01 GMT 2002 

I think you've got a  very clear view of what's in my mind. I almost thought
you were inside my head :]
Thanks
Paris

----- Original Message -----
From: "Chris Wright" <chris at wirex.com>
To: "Paris Stefas" <parisstc at hotmail.com>
Cc: <trustedbsd-discuss at TrustedBSD.org>
Sent: Wednesday, December 18, 2002 19:58
Subject: Re: info please part 2


> * Paris Stefas (parisstc at hotmail.com) wrote:
> >
> > freebsd ,earlier Solaris 8 but was a bit slow). So in my paper i am
trying
> > to bring up the advantages of a trusted environment and test for several
> > desadvantages that may occur ( such as network and host performance
towards
> > known operating systems ). I have located theory about trusted
environments
> > but i think that the community lacks documentation that concerns
performance
> > , stability and other issues that may affect the use and the acceptance
of
> > these systems. I'll try to figure this out with the best way i can and i
> > will sure make public whatever results i get.
>
> Yes, the disadvantages are important as they underline part of the slow
> uptake of trusted systems.  Considering in the past trusted systems
> often went through lengthy certification processes (for things like
> Orange Book, or Common Criteria), the systems were often lagging behind
> in terms of both software and hardware.  More contemporary projects like
> TrustedBSD and LSM are operating much closer with current development
> efforts, and new ways of evaluating assurance may help remove some of
> the headaches that certification brings along.
>
> For performance, this really depends on the specific technology.  A
> poorly coded policy that uses a well optimized framework can still have
> poor performance.  I recall seeing some performance numbers in one of the
> TrustedBSD papers.  Also, LSM performance numbers can be found at
> <http://lsm.immunix.org/docs/lsm-usenix-2002/html/node19.html>.
>
> Another important consideration is ease of administration.  With an
> improved security infrastructure, there is likely more administrative
> overhead.  And more importantly, with the extra knobs to twist one must
> make sure that the system _is_ actually more secure.
>
> cheers,
> -chris
> --
> Linux Security Modules     http://lsm.immunix.org
http://lsm.bkbits.net
>

To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message

More information about the trustedbsd-discuss mailing list