You are here


Observations on information security.

The MLS Assurance Problem

Members of the defense community identified the need for MLS-capable systems in the 1960s, and a few vendors implemented the basic features (Weissman 1969, Hoffman 1973, Karger and Schell 1974). However, government studies of the MLS problem emphasized the danger of relying on large, opaque operating systems to protect really valuable secrets (Ware 1970, Anderson 1972). Operating systems were already notorious for unreliability, and these reports highlighted the threat of a software bug allowing leaks of highly sensitive information. The recommended solution was to achieve high assurance through extensive analysis, review, and testing.

Wordpress tag: 
Post category: 

The MLS Problem

Many businesses and organizations need to protect secret information, and most can tolerate some leakage. Organizations who use MLS systems tolerate no leakage at all. Businesses may face legal or financial risks if they fail to protect business secrets, but they can generally recover afterwards by paying to repair the damage. At worst, the business goes bankrupt. Managers who take risks with business secrets might lose their jobs if secrets are leaked, but they are more likely to lose their jobs to failed projects or overrun budgets. This places a limit on the amount of money a business will invest in data secrecy.

Wordpress tag: 
Post category: 

More Links

Multilevel Security and Internet Servers

I wrote the following message as part of a discussion on the old Firewalls mailing list in 1996. The message was part of a discussion on the use of MLS technology to protect Internet servers from attack. The basic concepts still apply in some ways, though the threats have evolved in many other ways.

Post category: 

One-Time Pads

The one-time pad is the only encryption technique that has been mathematically proven to be uncrackable. While hard to use, it has often been the choice for highly sensitive traffic. Soviet spies used one-time pads in the 1940s and -50s. The Washington-Moscow "hot line" also uses one-time pads. However, the technique is hard to use correctly.

Wordpress tag: 
Post category: 

Encrypting with XOR: A Graphic Example

The exclusive or operation - a logical function applied to binary bits, like AND, OR, and NOT - is a fundamental encryption technique. It is often used in stream ciphers, which are widely used in web browsers when connecting to secure web servers.

Post category: 

Stream Ciphers

Whenever your browser establishes a “secure” connection to a web site, it encrypts the data. Traditionally, the browser and site use a stream cipher called Rivest Cipher #4 (RC4), although some sites use newer techniques.

Stream ciphers use a deceptively simple mechanism: you combine the plaintext data, bit by bit, with “key” bits, using the exclusive or operation. This is often abbreviated xor, and denoted by ⊕ - a circle with a cross.

Post category: 

Mordac's Rules

Do password policies \

Do password rules prevent information services?

Password guidelines did not start out with such complicated rules; the rules evolved in response to evolving attacks.
Post category: 

Articles and Papers

Here is a list of articles and papers I have produced. Where possible, I include a link to the paper. If there are co-authors, they are listed at the end of the entry.


This page provides links to the presentation slides for some talks I have given.

Post category: 


Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer