Re: Documentation writing


From: Amon Ott <ao@rsbac.org>
Subject: Re: Documentation writing
Date: Thu, 2 Aug 2001 12:40:02 +0200

Next Article (by Author): Re: acl and more Amon Ott
Previous Article (by Author): Re: Planning v1.2.0 - update2 Amon Ott
Top of Thread: Documentation writing Fabrice MARIE
Articles sorted by: [Date] [Author] [Subject]


On Thu, 02 Aug 2001 Fabrice MARIE wrote:
> I have good news and bad news!
> 
> The good news is I've just started writing some documentation on RSBAC.
> The bad news is that since I'm not an expert in RSBAC I will
> have to post a lot of questions, and I will have to experiment a step
> further than what I've already done (so it is going to take time before
> you get the resulting doc)... The goal is to explain how the models work,

This is good.

> and to give some examples of usage. I will start by MAC for today...
> 
> So here comes the first question: (Amon ? ;-)
> In the page http://www.rsbac.org/models.htm#mac, at the chapter
> "The RSBAC MAC implementation", we can read :
> 
> "The Unix System V/MLS model has been changed to fit into the RSBAC
> access request scheme, which knows more than 30 types of access.
> Also, write-up is implemented in the original way, so that you can
> always write to all higher levels. From version 1.1.1 onwards, writing
> is only allowed on the same level."
> 
> For version 1.1.1 onwards,
> Should I understand that it's almost a combination of Biba+BLP ?
> (I say "almost" because as I understand it would still be possible
> to read-down ..).

Well, it is like in System V/MLS. Unlimited write-up is too dangerous. IMHO, it
is still not Biba+BLP.
  
> Finally, we can read:
> "*-property enforcement is done with upper and lower bounds, called
> min_write and max_read. These values are reset only on execution of
> another program, not at process forking/cloning time or closing of
> files, because only new execution empties the process memory space."
> 
> I thought (maybe naively ;-) that the *-property simply (and totally)
> denied write-down from subject with high security level to object with
> low security level.. Can you tell more about these bounds ?

*-property is about data flow from higher to lower level _objects_.

Instead of going through all open files' attributes for every access to find a
possible data flow downwards, we simply memorize the lowest level a process has
written to and the highest it has read from. All new opens must keep within
min_write >= new opened object >= max_read and the current level of the process
must also stay within that area.

This is too restrictive, but it satisfies the *-property, is much faster
than a full check and a good approximation for many cases.

Amon.
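
The bookkeeping described in the reply above, as an added example that is neither RSBAC code nor part of the original mail: a process remembers only min_write and max_read, every open must satisfy min_write >= object level >= max_read, fork keeps the bounds and exec resets them. The integer levels 0..3, the struct and the function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define LEVEL_MIN 0    /* assumed lowest security level */
#define LEVEL_MAX 3    /* assumed highest security level */

enum mode { MODE_READ, MODE_WRITE };

/* Hypothetical per-process state; the field names follow the mail. */
struct proc {
    int min_write;  /* lowest level written to so far */
    int max_read;   /* highest level read from so far */
};

/* New execution empties the memory space, so the bounds start over. */
static void proc_exec(struct proc *p)
{
    p->min_write = LEVEL_MAX;
    p->max_read = LEVEL_MIN;
}

/* fork/clone copies the memory, so the child keeps the parent's bounds. */
static struct proc proc_fork(const struct proc *parent)
{
    return *parent;
}

/* The rule from the mail: min_write >= object level >= max_read. */
static bool proc_open(struct proc *p, int level, enum mode m)
{
    if (level > p->min_write || level < p->max_read)
        return false;
    if (m == MODE_READ)
        p->max_read = level;   /* level >= max_read already holds */
    else
        p->min_write = level;  /* level <= min_write already holds */
    return true;
}

int main(void)
{
    struct proc p;
    proc_exec(&p);
    printf("read  L2: %d\n", proc_open(&p, 2, MODE_READ));
    printf("write L1: %d\n", proc_open(&p, 1, MODE_WRITE)); /* write-down: denied */
    printf("read  L1: %d\n", proc_open(&p, 1, MODE_READ));  /* harmless, still denied */
    struct proc child = proc_fork(&p);
    printf("child write L1: %d\n", proc_open(&child, 1, MODE_WRITE));
    proc_exec(&child);
    printf("after exec, write L1: %d\n", proc_open(&child, 1, MODE_WRITE));
    return 0;
}
```

The denied read of level 1 after a read of level 2 causes no downward flow; it is the over-restriction the reply mentions, accepted in exchange for not scanning every open file on each access.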
