MAC implementation with definable policy

[Ilmar S. Habibulin]

On Thu, 30 Sep 1999, James Buster wrote:

> } Ok. I'm reading file with labelA, then i'm reading file with labelB, which
> } dominates labelA. After reading i'm cleating new file. What label should
> } it have?
> The same label your process has.
Ok, process have labelC, that dominates labelB and labelA. So we create
file with labelC - why? Or process have another label? What label does
process have in your implementation of MAC?

> } The label is some sort of ACL. i'm cofused...
> No, it's not. First of all, ACLs are a discretionary access mechanism.
> Second, no user or list of users is associated with my MAC labels.
I said 'some sort of acl' - not posix acls. Simply Access Control List.

> } But BL MAC implementation is much more simplier. And i do not understand,
> } why can't i emulate your approach using BL MAC and ACL?
> BL labels have a fixed, partial ordering between them. The dominate
> relationship is transitive. My implementation does not require that
> the dominate relationship be transitive.
That's why i am confused. Your approach is not MAC, as described by papers
i read. All of them pointed to BL model.

> } > MAC in general does not "reflect all aspects of confidential data
> } > processing".
> } But Bell and LaPadula thought so, while creating their model.
> I wonder what they meant by that. I would classify both discretionary
> and cryptographic mechanisms as important parts of confidential data
> processing.
If you have some secret document in paper - you don't encrypt it, aren't
you? And discretionary mechanism exists in BLM - it's non-hyerarchical
categories. I don't implement them, because i thought that they are DAC or
can be emulated by DAC. Now i understand, that i was wrong. I will
implement it ASAP.


To Unsubscribe: send mail to majordomo at cyrus.watson.org
with "unsubscribe posix1e" in the body of the message