Downgrading labels
Jason Chambers
jchambers at cenic.org
Sat Mar 26 14:34:22 GMT 2005
You might be confused between BIBA and MLS, and how they might work
together. It is not uncommon for a user to be capable of downgrading a
MAC level, although if I remember correctly in some cases they cannot
upgrade back up once dropping down... depending on what type of MAC
you're using? I believe the acceptable upgrade/downgrade levels are
predefined as ranges assigned to a user / process... otherwise allowing
unspecified transitions is straying away from "Mandatory" access
control. Even if you switch to a different user, you're still only
cleared at your MAC levels of the previous... but I'm getting into the
fuzzy parts of my memory. I might be wrong... It has been a while
since I studied MAC. Places I go to refresh my memory are listed
below.
-- Biba deals with integrity
-- MLS deals with sensitivity
========================
Hacking B1 Trusted Operating Systems
A good review of vendor neutral concepts...
===============================
Found in the DEFCON 8 archives
========================
The Rainbow Series -- have coffee on hand.
========================
http://www.radium.ncsc.mil/tpep/library/rainbow/index.html
http://www.radium.ncsc.mil/tpep/index.html
========================
Random links
========================
www.sis.pitt.edu/~jjoshi/IS2935/Lecture4.ppt
http://www.cse.scu.edu/~tschwarz/coen350/securityModel.html
parsys.cs.uic.edu/~solworth/integratingMacDac.pdf
-Jason
On Mar 25, 2005, at 07:47, Ilmar S. Habibulin wrote:
>
> Lately I've made a detailed look at MAC mls/biba relabel functions and
> found out, that user can downgrade MAC label. Is it correct behaviour? I
> feel comfortable with label upgrading for everybody and downgrading only
> for privileged users? Maybe I'm missing something?
>
> Any thoughts, comments, direction?
>
> Thanks
>
More information about the trustedbsd-discuss
mailing list
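
The range idea from the reply above, as an added example that is not part of the original thread and is not TrustedBSD code: a simplified model in which an unprivileged relabel succeeds only inside the subject's existing range, so a subject that narrows its range while downgrading cannot upgrade again. All names (`label`, `subject`, `relabel`, `demo`) and the level/compartment values are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical MLS label: hierarchical level plus a compartment bitmask. */
struct label { int level; uint32_t comps; };
/* Hypothetical subject label: effective label and the permitted range. */
struct subject { struct label eff, lo, hi; };

/* a dominates b: level at least as high and a superset of b's compartments. */
static bool dominates(struct label a, struct label b) {
    return a.level >= b.level && (a.comps & b.comps) == b.comps;
}

/* x lies inside [lo, hi]. */
static bool in_range(struct label x, struct label lo, struct label hi) {
    return dominates(hi, x) && dominates(x, lo);
}

/*
 * Unprivileged relabel: the requested range must be well formed, must contain
 * the requested effective label, and both of its ends must sit inside the OLD
 * range. The range can therefore shrink but never grow.
 */
static bool relabel(struct subject *s, struct subject want) {
    if (!dominates(want.hi, want.lo) ||
        !in_range(want.eff, want.lo, want.hi) ||
        !in_range(want.lo, s->lo, s->hi) ||
        !in_range(want.hi, s->lo, s->hi))
        return false;               /* denied, subject left unchanged */
    *s = want;
    return true;
}

/* Constructed scenario; bit i of the result records whether step i succeeded. */
static int demo(void) {
    struct label low = {0, 0}, mid = {1, 0x1}, high = {3, 0x1};
    struct subject s = { high, low, high };
    int r = 0;
    r |= relabel(&s, (struct subject){ low,  low, high }) << 0; /* downgrade, keep range */
    r |= relabel(&s, (struct subject){ high, low, high }) << 1; /* upgrade back: allowed */
    r |= relabel(&s, (struct subject){ low,  low, mid  }) << 2; /* downgrade and shrink  */
    r |= relabel(&s, (struct subject){ high, low, high }) << 3; /* upgrade: denied       */
    r |= relabel(&s, (struct subject){ mid,  low, mid  }) << 4; /* inside range: allowed */
    return r;
}
```
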