Comments on: Security Anti-Pattern: MLS for Guards http://securityblog.org/brindle/2008/05/18/security-anti-pattern-mls-for-guards/ The ramblings of security neophyte Joshua Brindle Wed, 30 Jun 2010 13:49:45 +0000 http://wordpress.org/?v=2.9 hourly 1 By: Spencer http://securityblog.org/brindle/2008/05/18/security-anti-pattern-mls-for-guards/comment-page-1/#comment-33395 Spencer Tue, 27 May 2008 13:42:52 +0000 http://securityblog.org/brindle/?p=24#comment-33395 Good read. Why don't you go over one of those situations where BLP/MLS is the better solution in a second article? Perhaps a CMW? Of course the scenario would be different - where BLP isn't strictly needed and TE alone is sufficient here (CDS) the reverse wouldn't be true as BLP and TE would both should be used. Finally just want to mention releasability. You alluded to it but that is a major differentiator between the two models. Expressing releasability in a TE policy is mathematically possible but it isn't easy or appropriate. Good read. Why don’t you go over one of those situations where BLP/MLS is the better solution in a second article? Perhaps a CMW?

Of course the scenario would be different – where BLP isn’t strictly needed and TE alone is sufficient here (CDS) the reverse wouldn’t be true as BLP and TE would both should be used.

Finally just want to mention releasability. You alluded to it but that is a major differentiator between the two models. Expressing releasability in a TE policy is mathematically possible but it isn’t easy or appropriate.

]]>