> Well I suppose that if you wanted to fully compartment the inside from
> the outside and allow communications only of the "Read Out/Write In"
> variety with full MAC and protection from covert channels, it might do
> something ...
That's the model Sidewinder uses, tho' it uses type enforcement
instead of traditional MAC labels. Access control is tied more to
executing software. Also, there's no "all compartments top secret"
security level that has access to everything, so there's no especially
bad security domain in which bad software might run. Less risky.
By the way, B1 offers _*no*_ protection against covert channels. The
original intent for the B1 rating was to serve as a "toy" rating until
vendors learned how to achieve "real" ratings that addressed modular
design, least privilege, and covert channels. The lack of covert
channel work means that a cheap shot at B1 will have MAC that's easy
com roseville, minnesota