Karen Goertzel writes:
> I agree that attempting to apply military classification labels to
> commercial data makes little sense. But what amazes me is that so
> many people can't see beyond the actual labels to the much more
> important underlying concept, which is the idea of a hierarchical
> mandatory policy for classifying information, instead of a
> discretionary policy.

My own experience is that the hierarchical concept is a good one but
the hierarchical mechanism is not. While it is intuitively appealing,
it doesn't seem to work effectively in practice. For example, note how
the MLS firewall implementation uses mutually inaccessible
compartments instead of "high" versus "low" domains for the different
networks. I've seen this happen in many MLS applications, too. Too
often we need to protect against more than just disclosure.

Note this is a gripe about *hierarchical* access control rules, not
about mandatory mechanisms in general.

Rick.
smith @ sctc . com    secure computing corporation