From: Fabrice MARIE <fabrice@celestix.com>
Subject: Documentation writing
Date: Thu, 2 Aug 2001 16:39:04 +0000
Next Article (by Author): Re: general questions Fabrice MARIE
Previous Article (by Author): Re: Admin Suite compile problems Fabrice MARIE
Next in Thread: Re: Documentation writing Amon Ott
Articles sorted by: [Date]
[Author]
[Subject]
Hello, I have a good news and a bad news ! The good news is I've just started writing some documentation on RSBAC. The bad news is that since I'm not an expert in RSBAC I will have to post a lot of questions, and I will have to experiment a step further that what I've already done (so it is going to take time before you get the resulting doc... The goal is to explain how the models work, and to give some examples of usage. I will start by MAC for today... So here comes the first question: (Amon ? ;-) In the page http://www.rsbac.org/models.htm#mac, at the chapter "The RSBAC MAC implementation", we can read : "The Unix System V/MLS model has been changed to fit into the RSBAC access request scheme, which knows more than 30 types of access. Also, write-up is implemented in the original way, so that you can always write to all higher levels. From version 1.1.1 onwards, writing is only allowed on the same level." For version 1.1.1 onwards, Should I understand that it's almost a combination of Biba+BLP ? (I say "almost" because as I understand it would still be possible to read-down ..). Finally, we can read: "*-property enforcement is done with upper and lower bounds, called min_write and max_read. These values are reset only on execution of another program, not at process forking/cloning time or closing of files, because only new execution empties the process memory space." I thought (maybe naively ;-) that the *-property simply (and totally) denied write-down from subject with high security level to object with low security level.. Can you tell more about these bounds ? Thanks for your help, Fabrice. -- Fabrice MARIE R&D Engineer Celestix Networks http://www.celestix.com/ "Silly hacker, root is for administrators" -Unknown - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Author): Re: general questions Fabrice MARIE
Previous Article (by Author): Re: Admin Suite compile problems Fabrice MARIE
Next in Thread: Re: Documentation writing Amon Ott
Articles sorted by: [Date]
[Author]
[Subject]