Announcement: TrustedBSD Extensions Project
David Collier-Brown - Sun Canada
davecb at scot.canada.sun.com
Mon Apr 10 20:16:00 GMT 2000
Phil Pennock <phil at globnix.org> wrote:
| Hrm - my understanding of mandatory access controls[1] leads me to
| believe that they're of use where you don't trust everyone in your own
| party; whether that's their integrity or their competence is not the
| issue.
| Where you merely have mutually suspicious parties, discretionary access
| controls are, AIUI, sufficient.
Actually DAC is for both: it's the implementation of
need-to-know.
MAC is there to separate areas which people are authorized
to work in or not, and between which need-to-know doesn't
really mean anything.
One classical civil example is the separation of accounting and
development (;-)) You could use DAC, but then you'd have to
trust that no-one in accounting authorized a developer to access
the payroll programs "to fix it". That's not trusting insiders.
The other is cooperating companies, who wish strong controls
on cooperative projects, to keep each other out of areas
where they have no business being. That's mutually suspicious
parties.
--dave
--
David Collier-Brown in Boston
Phone: (781) 442-0734, Room BUR03-3632
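
An added illustration, not part of the original message: a toy reference monitor for the accounting/development case, where the owner's discretionary grant succeeds under DAC alone but is overridden by a compartment label the owner cannot change. All names and labels (alice, bob, carol, payroll, "accounting", "development") are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Subject:
    name: str
    compartments: frozenset  # MAC label: assigned by the administrator only

@dataclass
class Resource:
    name: str
    owner: str
    compartment: str  # MAC label: fixed by policy, not editable by the owner
    acl: set = field(default_factory=set)  # DAC: editable at the owner's discretion

def dac_grant(res, granter, grantee):
    """DAC: the owner alone decides who else has need-to-know."""
    if granter.name != res.owner:
        raise PermissionError(f"{granter.name} does not own {res.name}")
    res.acl.add(grantee.name)

def dac_allows(subj, res):
    return subj.name == res.owner or subj.name in res.acl

def mac_allows(subj, res):
    return res.compartment in subj.compartments

def access(subj, res, enforce_mac):
    """Reference monitor: DAC must pass; MAC, when enforced, must also pass."""
    return dac_allows(subj, res) and (not enforce_mac or mac_allows(subj, res))

def demo():
    # Constructed scenario: all names and labels are illustrative.
    alice = Subject("alice", frozenset({"accounting"}))
    carol = Subject("carol", frozenset({"accounting"}))
    bob = Subject("bob", frozenset({"development"}))
    payroll = Resource("payroll", owner="alice", compartment="accounting")
    dac_grant(payroll, alice, bob)  # accounting lets a developer in "to fix it"
    return {
        "bob_dac_only": access(bob, payroll, enforce_mac=False),
        "bob_with_mac": access(bob, payroll, enforce_mac=True),
        "alice_with_mac": access(alice, payroll, enforce_mac=True),
        "carol_with_mac": access(carol, payroll, enforce_mac=True),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allow' if allowed else 'deny'}")
```

Carol shares Alice's compartment but is still denied, because within a compartment the ACL continues to enforce need-to-know.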