Re: Implementation questions

From: ao@morpork.shnet.org (A. Ott)
Subject: Re: Implementation questions
Date: 31 Jan 1999 11:59:00 +0100

Next Article (by Author): rsbac-patch-2.2.1-v1.0.7a-pre1 ao@morpork.shnet.org (A. Ott)
Previous Article (by Author): Re: Implementation questions ao@morpork.shnet.org (A. Ott)
Top of Thread: Implementation questions "Paul D. Robertson"
Articles sorted by: [Date] [Author] [Subject] 

********* ***************** ********** ****  *****   ***** ************
  To subject Re: Implementation questions
  alago@galeno.unicies.cesga.es (Alvaro Jose Fernandez Lago)  wrote:
********** ******************** ******  ********  ******* *************

> > To be honest, noboby really asked for that before, and I like the RC model
> > more, which will give much more flexible 'compartments'. So I did not code
> > it. It's not that much work, though, because sets have already been
> > implemented in the PM code. Cut and paste are your friends...
> >
> > Do you want me to add compartments to MAC, or will RC do the job for you?
>
> I wanna you to add compartments to MAC ! :-). I suggest it will
> nearly complete the MAC module , except for Information Labels,
> "handling caveats"/markings and the like.

But are you going to use it?

Anyway, I put it on the to-do-list, but there should be a limit to 64  
compartments. Thus there will be no costly list based subset operations,  
but fast bit operations - one operation compared to two list traversals.

Would that be enough?

> We're eval. Trusted Solaris 2.5.1 and, in the future, HP-UX 10.16 CMW.
> And of course Linux RSBAC!

:)

I would not dare to compare RSBAC with MAC module to those, there is a lot  
of security analysis and testing needed before. BTW, MAC module extends  
some design decisions from Unix System V/MLS. The automatic selection of  
the current security level with upper and lower boundaries (mac_auto) was  
my own idea.

> > > > If all of you help with bug/success reports, suggestions, advocacy and
> > > > maybe a few patches this won't be too long away.
>
> I'm very sorry I cannot at the moment help with coding, but yes
> with advocacy and testing. I feel RSBAC a
> superb security development for Linux, and hope it will catch ample
> audience. I think its a natural succesor of "PSL" and linux-privs, which
> halted...

For me RSBAC has a huge potential as a test system for new security models  
as well as a security enhanced, low cost server system. I definately want  
to use it in customised internet server and firewall systems soon.

Amon.

--
Please remove second ao for E-Mail reply - no spam please!
## CrossPoint v3.11 ##
-
To unsubscribe from the rsbac list, send a mail to
majordomo@morpork.shnet.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Author): rsbac-patch-2.2.1-v1.0.7a-pre1 ao@morpork.shnet.org (A. Ott)
Previous Article (by Author): Re: Implementation questions ao@morpork.shnet.org (A. Ott)
Top of Thread: Implementation questions "Paul D. Robertson"
Articles sorted by: [Date] [Author] [Subject]

Go to Compuniverse LWGate Home Page.