Announcement: TrustedBSD Extensions Project
Phil Pennock
phil at globnix.org
Mon Apr 10 19:28:41 GMT 2000
Typing away merrily, Robert Watson produced the immortal words:
> o Mandatory access control for privacy and integrity, allowing FreeBSD to
> be used in environments hosting mutually suspicious parties and
> multi-level security models.
Hrm - my understanding of mandatory access controls[1] leads me to
believe that they're of use where you don't trust everyone in your own
party; whether that's their integrity or their competence is not the
issue.
Where you merely have mutually suspicious parties, discretionary access
control are, AIUI, sufficient. Excepting for DoS attacks.
In what situations not involving lack of trust in your own party do MACs
protect against another party? If you are worried about DoS attacks,
then aren't resource quotas sufficient, as opposed to all-out MACs, with
all that implies for abolishing covert timing channels? *wince*
Not on the mailing-list (unless it's autosubscribe) so please CC me on
on any relevant follow-ups. Ta.
[1] I've never played with a system which has them.
--
HTML email - just say no --> Phil Pennock
"We've got a patent on the conquering of a country through the use of force.
We believe in world peace through extortionate license fees." -Bluemeat
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list