Path: utzoo!attcan!uunet!tut.cis.ohio-state.edu!purdue!bu-cs!bloom-beacon!EXPO.LCS.MIT.EDU!jim
From: jim@EXPO.LCS.MIT.EDU (Jim Fulton)
Newsgroups: comp.windows.x
Subject: re: Security extensions to X
Message-ID: <8912091949.AA02514@kanga.lcs.mit.edu>
Date: 9 Dec 89 19:49:44 GMT
Sender: root@athena.mit.edu (Wizard A. Root)
Organization: X Consortium, MIT Laboratory for Computer Science
Lines: 21


    One possibility is to persue a similar tact as that used by SUN for
    secure NFS.  Use DES (or better) encrypted TCP/IP, each pair of nodes for
    which secure communication must occur share a key for the link.

You need something like this for environments in which you want to prevent
real-time network eavesdropping, but it doesn't help with the CMW requirements.
You need an extension so that you can isolate applications running at different
sensitivity levels.  Since you have to make sure that people can't
inadvertantly change the classification of an object (such as by cutting info
from a Top Secret window and pasting it into an Unclassified one), you have to
make sure that applications running at one level can't determine what else is
running or interfere with it.  This implies manditory and discretionary access
controls as well as sensitivity labels on every resource, support for a
trusted path to the operating system, interactions with grabs, font paths,
colormaps, and input focus.

Talk about being in a maze of twisty passages (and I consider myself basically
ignorant about all of this).... 

Jim