Re: NSA - Spook Linux


From: Amon Ott <ao@rsbac.org>
Subject: Re: NSA - Spook Linux
Date: Wed, 10 Jan 2001 12:46:55 +0100

Next Article (by Author): Logging documentation Amon Ott
Previous Article (by Author): Re: NSA - Spook Linux Amon Ott
Top of Thread: NSA - Spook Linux "Furmanek, Greg"
Next in Thread: Re: NSA - Spook Linux Peter Busser
Articles sorted by: [Date] [Author] [Subject]


(resent, because most people did not get it)

On Mit, 10 Jan 2001 Don wrote:
> Stephen Smalley <sds@tislabs.com> said:
> 
> > In comparison to traditional lattice-based models like BLP and Biba, Type
> > Enforcement is better suited to providing integrity protection, especially
> 
> I disagree. While forms of type enforcement are not the correct schema for
> an information flow model, there is surprising power in simply keeping
> compartments from interacting. My ramblings on the subject may be found at
> http://research-cistw.saic.com/cace/dte.html.

I just had a short look through your paper, and wondered about your statement
that RC was user, but not process oriented - if you were talking about Linux
processes, you were probably wrong, if you were talking about a scheme with
interaction of several components, I would like to discuss this point.

When designing RC, I tried to make it flexible and powerful enough to even
cover Linux process interactions, based on process types, and to make the roles
independent from the users. The forced roles are a basic concept.

Just as an example: My firewall configurations are mostly protected by RC, FF
and AUTH.

BTW: I just looked up our original discussion of DTE vs. RC in 1999 in the RSBAC
archive.

> You may remember me as the person who won in CTF server at Defcon last year
> for giving out rootshells on a linux box with DTE, an implementation I've
> written independantly. It's described at
> http://www.subterrain.net/~palante/defcon8.html. I'd be happy to discuss
> variations further... However I do agree with what you said about making
> applications unbypassable and tamperproof.. It is definately a strength.

I'd like to make a similar try with RSBAC, but I need somebody with a permanent
and not traffic limited connection for that. Basically, a telnet root access
with RC force role set to some limited role. Compiling etc. granted, most
programs available, etc.

Amon.

-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Author): Logging documentation Amon Ott
Previous Article (by Author): Re: NSA - Spook Linux Amon Ott
Top of Thread: NSA - Spook Linux "Furmanek, Greg"
Next in Thread: Re: NSA - Spook Linux Peter Busser
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.