Is Multi Level Security the Answer to Our InfoSec Woes?
It seems to me that for some reason almost everyone in the tech community doesn't know about Multi Level Security. (AKA Capability Based Security)
Multi-Level Security was developed in the 1970s after there were problems with air traffic control/flight plan data processing issues related to security classification levels during the Viet-Nam war.
Operating Systems that supported Capabilities such as GNOSIS were in operation in the 1970s. Multics was planned to add Capability Object support.
Unix short-circuited history, and for the most part, Capabilities were forgotten, because they were seen as unnecessary and wasteful of resource.
I believe it is time to re-examine these beliefs, and start a push towards widely deploying Multi Level Secure systems.
References:
https://en.wikipedia.org/wiki/Multilevel_security https://en.wikipedia.org/wiki/Bell%E2%80%93LaPadula_model https://en.wikipedia.org/wiki/KeyKOS https://en.wikipedia.org/wiki/Genode http://cap-lore.com/CapTheory/KK/
[Edit: Formatting/Spelling]
I want to know if I'm on the right path, or there is some aspect of this that I'm wildly wrong about.