jchambers at cenic.org
Sat Mar 26 14:34:22 GMT 2005
You might be confused between BIBA and MLS, and how they might work
together. It is not uncommon for a user to be capable of downgrading a
MAC level, although if I remember correctly in some cases they cannot
upgrade back up once dropping down... depending on what type of MAC
your using ? I believe the acceptable upgrade\downgrade levels are
predefined as ranges assigned to a user \ process... otherwise allowing
unspecified transitions is straying away from "Mandatory" access
control. Even if you switch to a different user, your still only
cleared at your MAC levels of the previous.. but i'm getting into the
fuzzy parts of my memory. I might be wrong... It has been a while
since I studied MAC. Places I go to refresh my memory are listed
-- Biba deals with integrity
-- MLS deals with sensitivity
Hacking B1 Trusted Operating Systems
A good review of vendor neutral concepts...
Found in the DEFCON 8 archives
The Rainbow Series -- have coffee on hand.
On Mar 25, 2005, at 07:47, Ilmar S. Habibulin wrote:
> Lately I've made a detailed look at MAC mls/biba relabel functions and
> found out, that user can downgrade MAC label. Is it correct behaviour?
> feel comfortable with label upgrading for everybody and downgrading
> for privileged users? Maybe i'm missing something?
> Any thoughts, comments, direction?
> To Unsubscribe: send mail to majordomo at trustedbsd.org
> with "unsubscribe trustedbsd-discuss" in the body of the message
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 2199 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/trustedbsd-discuss/attachments/20050326/679c9514/attachment.bin
More information about the trustedbsd-discuss