Hi Nir,
You said:
Also - remember that there is a difference of abstraction between an information
flow control requirement, and an information flow control mechanism. Thus you
might find that a given mechanism can be used to meet both types of requirements.
=>
I agree.
You might also find that it is possible to meet some objectives with either
access control or information flow control requirements.
=>
I agree.
The NIB guidance states: "In determining which policy to use in writing a
security target or profile, it is extremely important not to let the actual or
planned implementation affect the choice of policy."
=>
It is hard for me to understand the meaning of the NIB guidance.
In my normal (or deviated?) sense, it seems natural to let the actual or
planned implementation affect the choice of policy.
What's wrong? Why is it important not to do so?
Is there some hidden paradox here?
Yokota