RFC: Requirements for MAC policies and implementation
Andrew R. Reiter
arr at watson.org
Wed Sep 20 05:34:51 GMT 2000
On Wed, 20 Sep 2000, Robert Watson wrote:
> - Multi-Level Security Model (MLS)
> - MLS is fairly cut-and-dry -- I'd assume support for
> static labels, some fixed finite bound on the number of
> sensitivity levels, and support for non-hierarchal categories.
> All trusted operating systems support this model, albeit
> some in a more general manner than others.
Awhile back I think Jon T Bowie and I discussed MLS for process execution
and felt that it would be a _great_ thing to have implemented.. and as
time would have it... we never did. I brougth this up to in a
conversation on IRC with Robert; we both felt it was a good thing, yet
felt, IIRC, there was more to it than just process execution. I
completely agree and while I think the idea of a MIB-like structure for
processes to be executed, I think there is much more to it (again).
> There are a number of resources that participants might find useful for
> framing the discussion, including technial reports and documentation from
> Argus Systems (http://www.argussystems.com/pitbull/,
> http://www.argusrevolution.com/), and SGI
> (http://oss.sgi.com/projects/ob1/doc/). Keeping standard CC protection
> profiles in mind is also good, so
> http://www.radium.ncsc.mil/tpep/library/protection_profiles/index.html is
> also a useful reference.
Thank you very much.
> For reference with regards to long term development plans, this MAC
> implementation would be prior to the implementation of a generalized
> labeling and access control scheme such as Poligraph, but would be a
> useful step towards the implementation of such a system, providing a
> stronger understanding of requirements for the implementation of these
> common MAC schemes.
> Robert N M Watson
Thanks Robert for starting this off... _GREAT_ initial email. What I
would love to see, since I am unable to run some of the MAC implemented
OSes.. is some statistics on speed and reliability, etc.. While I think
there are definitely other key issues invovled here, I think I'd like to
make speed one of them.
Also, I would imagine doing the Biba or MLS schemas would be easier on a
higher level to manage than a jail()-like implementation over a system
wide standpoint. Am I wrong to think this?
| Andrew R. Reiter
| arr at fledge.watson.org
| "It requires a very unusual mind
| to undertake the analysis of the obvious" -- A.N. Whitehead
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss