Re: Plans with RSBAC


From: "Paul D. Robertson" <proberts@clark.net>
Subject: Re: Plans with RSBAC
Date: Sun, 17 Oct 1999 20:51:36 -0400 (EDT)

Next Article (by Date): Re: Plans with RSBAC ao@morpork.shnet.org (A. Ott)
Previous Article (by Date): Re: Overlapping rights ? ao@morpork.shnet.org (A. Ott)
Top of Thread: Plans with RSBAC ao@morpork.shnet.org (A. Ott)
Next in Thread: Re: Plans with RSBAC ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date] [Author] [Subject]


On 7 Oct 1999, A. Ott wrote:

> Hi all!
> 
> I'd like to discuss my current RSBAC wishlist with interested people like  
> you. Please give comments and new wishes, if you need something else -  
> this is another planning phase to keep me busy for a while... ;)

I've been thinking about a few things, but I'm not sure how much is 
"haven't played around enough..." and how much is "Hmmm, this is kind of a 
neat idea, but not ultimately useful."

First with MAC (and I'm currently building another test system, so point 
me to TFM if appropriate) is there a way to set a system default value so 
that any user that isn't assigned to a MAC category can't run anything 
(or indeed log on), until they're added to the "lowest MAC necessary to 
log on?"  This would be so that I could set SYSTEM_MAC to say "secret", 
and then add a user, set the login process and maybe /bin/sh to 
"unclassified", and add the user to "unclassified" and they'd only be 
able to run what was specificly downgraded to that MAC?  A user added to 
"secret" would be able to run anything that wasn't specificly upgraded to 
"top secret", etc.  Is this already a feature, or am I hoping (I tend to 
think in MAC compartment units, but roles would be useful this way too)

Secondly- I'm still working with some ideas on what I like to think of as 
"two man missile key" control, where it takes two people to launch a 
given capability or role.  Ideally, that would include some mechanism to 
"half-grant" a role, MAC or privilige to a user, with the other 
(preferably configurable in number, but two works for me initially) 
grantor assigning the other half of the role.  This would essentially 
mean a mechanism where security officer would be split into multiple 
pieces, so that the role of granting roles wouldn't be tied to a specific 
person.  For instance, if you had a security officer s2-1 and a second 
security officer s2-2, s2-2 could half-grant access to the system, or to 
a MAC to user "newbie."  Then S2-1 would have to half-grant the same 
access to newbie for newbie to be able to {assume a role, access 
information at a MAC...}  Ideally, it would, after initial configuration 
take both administrator keys to add a new administrator to the mix.  
Possible "2 of 3" would be a better rule, so that there could be an ID in 
the safe with credentials should S2-1 leave...

(Hmmm, I'm not sure that makes sense to anyone but me, questions welcomed)

Thanks,

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts@clark.net      which may have no basis whatsoever in fact."
                                                                     PSB#9280

-
To unsubscribe from the rsbac list, send a mail to
majordomo@morpork.shnet.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Date): Re: Plans with RSBAC ao@morpork.shnet.org (A. Ott)
Previous Article (by Date): Re: Overlapping rights ? ao@morpork.shnet.org (A. Ott)
Top of Thread: Plans with RSBAC ao@morpork.shnet.org (A. Ott)
Next in Thread: Re: Plans with RSBAC ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.