Comments on: Security Anti-Pattern: MLS for Guards http://securityblog.org/brindle/2008/05/18/security-anti-pattern-mls-for-guards/ The ramblings of security neophyte Joshua Brindle Fri, 21 Nov 2008 11:10:03 +0000 http://wordpress.org/?v=2.6.2 By: Mariann Mckenzie http://securityblog.org/brindle/2008/05/18/security-anti-pattern-mls-for-guards/#comment-49300 Mariann Mckenzie Wed, 12 Nov 2008 21:47:30 +0000 http://securityblog.org/brindle/?p=24#comment-49300 ivr99vesq70xlz51 ivr99vesq70xlz51

]]> By: Spencer http://securityblog.org/brindle/2008/05/18/security-anti-pattern-mls-for-guards/#comment-33395 Spencer Tue, 27 May 2008 13:42:52 +0000 http://securityblog.org/brindle/?p=24#comment-33395 Good read. Why don't you go over one of those situations where BLP/MLS is the better solution in a second article? Perhaps a CMW? Of course the scenario would be different - where BLP isn't strictly needed and TE alone is sufficient here (CDS) the reverse wouldn't be true as BLP and TE would both should be used. Finally just want to mention releasability. You alluded to it but that is a major differentiator between the two models. Expressing releasability in a TE policy is mathematically possible but it isn't easy or appropriate. Good read. Why don’t you go over one of those situations where BLP/MLS is the better solution in a second article? Perhaps a CMW?

Of course the scenario would be different - where BLP isn’t strictly needed and TE alone is sufficient here (CDS) the reverse wouldn’t be true as BLP and TE would both should be used.

Finally just want to mention releasability. You alluded to it but that is a major differentiator between the two models. Expressing releasability in a TE policy is mathematically possible but it isn’t easy or appropriate.

]]>