New Security Model
The “Orange Book” doesn’t work for the new environment.
Systems run the gamut from multi-company Web servers to individual PCs.
Need very fine-grained security for things like credit card numbers.
How do users and/or administrators manage such a security model?