April 09, 2003

The Security Mindset

It has been an interesting few days at the DOCsec conference here in Baltimore. All this talk of multi-level security systems, covert channels, and Alice and Bob everywhere takes me back several years to some experiences earlier in my career implementing "Orange Book" mandatory policy checks in the kernel of ICL's VME mainframe operating system.

There are some seriously different considerations for security-critical systems compared to normal commercial systems, although as I pointed out over refreshments - the main difference is that the "cost of failure" with commercial systems is perceived to be lower than the "cost of conformance" so we all just accept the risk of a few lawsuits and expensive systems failures which are simply not tolerable with safety-critical or security-critical systems.

Unfortunately, I am also seriously bandwidth-constrained - having to work off a dialup link connecting at 37K! Ouch. Next time I will choose hotels more carefully. Even downloading e-mail is stretching things, so any bandwidth hungry tasks like uploading presentations will have to wait until I return home.

Entry categories: Architecture
Posted by Jorgen Thelin at April 9, 2003 11:58 PM - [PermaLink]
Try http://www.geektools.com/geektels/ for hotels next time Jorgen! Posted by: PK on April 10, 2003 10:57 AM
Ha - I rest my case! - Geektels lists no entries for Baltimore, MD! :-( I will certainly use the geektels list next time I travel though. Posted by: Jorgen Thelin on April 13, 2003 03:12 AM