Documentation writing


From: Fabrice MARIE <fabrice@celestix.com>
Subject: Documentation writing
Date: Thu, 2 Aug 2001 16:39:04 +0000

Next Article (by Author): Re: general questions Fabrice MARIE
Previous Article (by Author): Re: Admin Suite compile problems Fabrice MARIE
Next in Thread: Re: Documentation writing Amon Ott


Hello,

I have good news and bad news!

The good news is I've just started writing some documentation on RSBAC.

The bad news is that since I'm not an expert in RSBAC I will
have to post a lot of questions, and I will have to experiment a step
further than what I've already done (so it is going to take time before
you get the resulting doc...). The goal is to explain how the models work,
and to give some examples of usage. I will start with MAC for today...

So here comes the first question: (Amon? ;-)
On the page http://www.rsbac.org/models.htm#mac, in the chapter
"The RSBAC MAC implementation", we can read:

"The Unix System V/MLS model has been changed to fit into the RSBAC
access request scheme, which knows more than 30 types of access.
Also, write-up is implemented in the original way, so that you can
always write to all higher levels. From version 1.1.1 onwards, writing
is only allowed on the same level."

For version 1.1.1 onwards,
should I understand that it's almost a combination of Biba+BLP?
(I say "almost" because as I understand it, it would still be possible
to read-down...)

Finally, we can read:
"*-property enforcement is done with upper and lower bounds, called
min_write and max_read. These values are reset only on execution of
another program, not at process forking/cloning time or closing of
files, because only new execution empties the process memory space."

I thought (maybe naively ;-) that the *-property simply (and totally)
denied write-down from a subject with a high security level to an object
with a low security level. Can you tell me more about these bounds?


Thanks for your help,

Fabrice.
-- 
Fabrice MARIE
R&D Engineer
Celestix Networks
http://www.celestix.com/

"Silly hacker, root is for administrators" 
       -Unknown