MAC implementation with definable policy
James Buster
bitbug at seal.engr.sgi.com
Wed Sep 29 21:29:48 GMT 1999
On Sep 29, 8:23pm, "Ilmar S. Habibulin" wrote:

} If I understand this correctly - it is some sort of access matrix (acl?).

MAC can be modeled as an access matrix. That is in fact how Bell and
LaPadula modeled MAC.

} The main feature of MAC is control of information flows, to prevent
} unauthorized information declassification (lowering the label). imho.

But the definition of how information flows is fixed by the
implementation. The MAC implementation I posted allows you
to define nearly any information flow you want.

} FLAME!!! ;-) test core dumps after "policy size == 520", C compiler says
} "invalid option: `-fullwarn'".

Remove -fullwarn from the Makefile. As for the core dump, you must
specify two label names after the command, like so:

    ./test -d dblow userlow

Then things will work correctly. The test driver doesn't check
argv like it should, but that's not usually a problem, since
it's only a test framework. The MAC routines themselves *do*
check things.

} It's not MAC as I understand it, it does not reflect all aspects of
} confidential data processing.

MAC in general does not "reflect all aspects of confidential data processing".

--
Planet Bog -- pools of toxic chemicals bubble under a choking
atmosphere of poisonous gases... but aside from that, it's not
much like Earth.
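
Added example, not part of the original message and not the code posted to the list: a MAC check driven by a definable flow table, which is the access-matrix view discussed above. The label names dblow and userlow come from the message; dbhigh, the table contents and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed label set: dbhigh is hypothetical. */
enum { NLABELS = 3 };
static const char *const label_names[NLABELS] = { "userlow", "dblow", "dbhigh" };

/* The policy: flow[src][dst] != 0 means information may move src -> dst.
 * Constructed table; editing it changes the policy, not the checks. */
static const unsigned char flow[NLABELS][NLABELS] = {
    /* to:        userlow dblow dbhigh */
    /* userlow */ { 1,    1,    1 },
    /* dblow   */ { 0,    1,    1 },
    /* dbhigh  */ { 0,    0,    1 },
};

/* Returns the label index, or -1 for a NULL or unknown name. */
int label_lookup(const char *name)
{
    if (name == NULL)
        return -1;
    for (int i = 0; i < NLABELS; i++)
        if (strcmp(name, label_names[i]) == 0)
            return i;
    return -1;
}

/* A read moves data object -> subject; a write moves subject -> object.
 * Both fail closed when either label is missing or unknown. */
int mac_may_read(const char *subj, const char *obj)
{
    int s = label_lookup(subj), o = label_lookup(obj);
    return s >= 0 && o >= 0 && flow[o][s];
}

int mac_may_write(const char *subj, const char *obj)
{
    int s = label_lookup(subj), o = label_lookup(obj);
    return s >= 0 && o >= 0 && flow[s][o];
}

int main(int argc, char **argv)
{
    if (argc != 3) {  /* the argv check a driver should make */
        fprintf(stderr, "usage: mac subject-label object-label\n");
        return 2;
    }
    printf("read=%d write=%d\n", mac_may_read(argv[1], argv[2]),
           mac_may_write(argv[1], argv[2]));
    return 0;
}
```

With this table a dblow subject may read userlow data but not write to it; swapping in a different table gives a different flow policy with the same two checks.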