TheArchitect.co.uk - Jorgen Thelin's weblog
Thoughts and experiences from an Enterprise Software Developer and Architect hiding in plain sight as a Technical Program Manager
Thoughts and experiences from an Enterprise Software Developer and Architect hiding in plain sight as a Technical Program Manager
It has been an interesting few days at the DOCsec conference here in Baltimore. All this talk of multi-level security systems, covert channels, and Alice and Bob everywhere takes me back several years to some experiences earlier in my career implementing "Orange Book" mandatory policy checks in the kernel of ICL's VME mainframe operating system.
There are some seriously different considerations for security-critical systems compared to normal commercial systems, although as I pointed out over refreshments - the main difference is that the "cost of failure" with commercial systems is perceived to be lower than the "cost of conformance" so we all just accept the risk of a few lawsuits and expensive systems failures which are simply not tolerable with safety-critical or security-critical systems.
Unfortunately, I am also seriously bandwidth-constrained - having to work off a dialup link connecting at 37K! Ouch. Next time I will choose hotels more carefully. Even downloading e-mail is stretching things, so any bandwidth hungry tasks like uploading presentations will have to wait until I return home.
All content is
Copyright (c) 2008 Jorgen Thelin. All rights reserved.
The opinions expressed here represent my own views
and not necessarily those of my current, prior or future employer(s).
Content is provided "as-is", without any representations or warrenties of any kind.
Contents of the Weblog Feed are
licensed under a
Creative Commons License.
