MAC implementation with definable policy

Ilmar S. Habibulin ilmar at ints.ru
Fri Oct 1 07:25:45 GMT 1999


On Thu, 30 Sep 1999, James Buster wrote:

> } My point is that if a process has access but doesn't read
> } SUPER_VERY_SECRET_FILE with VERY_HIGH_MAC_LABEL, it should not create
> } SOME_GARBAGE_UNNECESSARY_FILE with VERY_HIGH_MAC_LABEL. Am I wrong?
> } (I'm standing for floating hierarchical labels (or better, levels)).
> It sounds like you want information labels. They're not "wrong",
> but having implemented a system with them I can say they are
> generally useless and annoying.
Sorry, but I didn't understand what info-labels are. I'm talking only about
my understanding of confidential docs processing and MAC according to
the Orange Book.

> That's not a property of the Mandatory part of MAC. You *could* have
> a DAC policy that places attributes on files which look suspiciously like
> MAC labels but permit object owners to change the level and/or categories
> of those labels. Flow control would still be enforced, but only at an
> object owner's discretion.
OK, maybe I'm wrong. I'll think about it.

> } Where can i read about prohibition of changing non-hierarchical
> } categories?
> This assumption is called, I believe, the tranquility property.
> Any MAC policy which permitted unprivileged users to change the categories
> of MAC labels wouldn't be Mandatory, would it?
Why can't an unprivileged user raise the sensitivity level of an object (file)
and limit categories (decrease their amount)? What's the threat?

> } There is another sort of confusion, like with levels. Non-hierarchical
> } categories can be used to point to the project (for ex.) the file is related
> } to. So if a person has access to more than one project, he (she) will create
> } a file accessible to all projects he (she) has access to.
> Only if the user logs in with a label having all those categories.
> Users may have more than one MAC label that they may log in with,
> and those MAC labels may have different category sets.
At this point our discussion is coming close to, let's say, 'manual' and
'automated' MAC label use implementations. You are standing for manual
use, where the user/process should request a MAC label change if he has such
rights (and labels). I'm standing for 'automated' MAC label changing during
multilevel document processing. Again, a lot of food for thought for me.
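
Added example (not part of the original message): a minimal label lattice in Python contrasting the 'automated' floating-label behaviour with the 'manual' fixed session label discussed in this thread, and checking what removing a category from an object's label does to dominance. The class names, numeric levels and categories A and B are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Label:
    level: int                      # hierarchical sensitivity level
    cats: frozenset = frozenset()   # non-hierarchical categories

    def dominates(self, other):
        return self.level >= other.level and self.cats >= other.cats

    def join(self, other):
        # Least upper bound of two labels in the lattice.
        return Label(max(self.level, other.level), self.cats | other.cats)

class Process:
    def __init__(self, clearance, start, floating):
        if not clearance.dominates(start):
            raise ValueError("start label exceeds clearance")
        self.clearance, self.current, self.floating = clearance, start, floating

    def read(self, obj):
        if not self.clearance.dominates(obj):
            raise PermissionError("read up denied")
        if self.floating:
            self.current = self.current.join(obj)   # 'automated': label floats up
        elif not self.current.dominates(obj):
            raise PermissionError("'manual': session label too low, relabel first")

    def create(self):
        return self.current   # a new object inherits the current label

LOW, HIGH = 0, 3   # constructed levels

def demo():
    clearance = Label(HIGH, frozenset({"A", "B"}))
    secret = Label(HIGH, frozenset({"A"}))
    p = Process(clearance, Label(LOW), floating=True)
    before = p.create()   # nothing sensitive read yet: file stays low
    p.read(secret)
    after = p.create()    # label floated up to what was actually read
    # Dropping category A from the object's label: a subject cleared only
    # for B could not read the object before, and can afterwards.
    reduced = Label(secret.level, secret.cats - {"A"})
    outsider = Label(HIGH, frozenset({"B"}))
    return before, after, outsider.dominates(secret), outsider.dominates(reduced)

if __name__ == "__main__":
    print(demo())
```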

