Bell LaPadula (was Re: MAC implementation with definable policy)
James Buster
bitbug at seal.engr.sgi.com
Thu Sep 30 21:04:38 GMT 1999
On Sep 30, 12:07pm, "Peter J. Holzer" wrote:
} On 1999-09-30 00:07:38 -0700, James Buster wrote:
} > On Sep 30, 8:55am, "Ilmar S. Habibulin" wrote:
} > } Ok. I'm reading file with labelA, then i'm reading file with labelB, which
} > } dominates labelA. After reading i'm cleating new file. What label should
} > } it have?
} >
} > The same label your process has.
}
} Forgive me for showing off my ignorance, but I never understood how the
} BL model was supposed to work. To read the file with labelB, your
} process needs a label which is at least as high as labelB. But if all
} the files it creates have this label, no process with a lower label can
} ever read any output of this program.
Correct. Information can only flow from a less sensitive to a more
sensitive container. To use a cliche, a person cleared for Top Secret
information can read Secret information, but can never *create* Secret
information, since there is no way of ensuring that this user didn't
accidentally or purposefully add Top Secret information into that
Secret container.
--
Planet Bog -- pools of toxic chemicals bubble under a choking
atomsphere of poisonous gases... but aside from that, it's not
much like Earth.
To Unsubscribe: send mail to majordomo at cyrus.watson.org
with "unsubscribe posix1e" in the body of the message
More information about the posix1e
mailing list