From: Amon Ott <ao@rsbac.org>
Subject: Re: Documentation writing
Date: Thu, 2 Aug 2001 12:40:02 +0200
Next Article (by Author): Re: acl and more Amon Ott
Previous Article (by Author): Re: Planning v1.2.0 - update2 Amon Ott
Top of Thread: Documentation writing Fabrice MARIE
On Don, 02 Aug 2001 Fabrice MARIE wrote:
> I have good news and bad news!
>
> The good news is I've just started writing some documentation on RSBAC.
> The bad news is that since I'm not an expert in RSBAC I will
> have to post a lot of questions, and I will have to experiment a step
> further than what I've already done (so it is going to take time before
> you get the resulting doc... The goal is to explain how the models work,

This is good.

> and to give some examples of usage. I will start with MAC for today...
>
> So here comes the first question: (Amon ? ;-)
> In the page http://www.rsbac.org/models.htm#mac, at the chapter
> "The RSBAC MAC implementation", we can read:
>
> "The Unix System V/MLS model has been changed to fit into the RSBAC
> access request scheme, which knows more than 30 types of access.
> Also, write-up is implemented in the original way, so that you can
> always write to all higher levels. From version 1.1.1 onwards, writing
> is only allowed on the same level."
>
> For version 1.1.1 onwards,
> should I understand that it's almost a combination of Biba+BLP?
> (I say "almost" because as I understand it would still be possible
> to read-down ..).

Well, it is like in System V/MLS. Unlimited write-up is too dangerous. IMHO, it is still not Biba+BLP.

> Finally, we can read:
> "*-property enforcement is done with upper and lower bounds, called
> min_write and max_read. These values are reset only on execution of
> another program, not at process forking/cloning time or closing of
> files, because only new execution empties the process memory space."
>
> I thought (maybe naively ;-) that the *-property simply (and totally)
> denied write-down from a subject with high security level to an object with
> low security level.. Can you tell more about these bounds?

*-property is about data flow from higher to lower level _objects_.
Instead of going through all open files' attributes for every access to find a possible data flow downwards, we simply memorize the lowest level a process has written to and the highest it has read from. All new opens must keep within min_write >= new opened object >= max_read, and the current level of the process must also stay within that area. This is too restrictive, but it satisfies the *-property, is much faster than a full check and a good approximation for many cases.

Amon.

-
To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with "unsubscribe rsbac" as single line in the body.
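The bound-tracking rule Amon describes above, written out as a small Python model so the effect of max_read / min_write can be traced step by step. This is an added illustration, not RSBAC code: the level range 0..255, the Process class, and the scenario() walk-through are all constructed here. It implements the interval test exactly as the reply states it (every new open, and every change of the process level, must satisfy max_read <= level <= min_write), which is deliberately conservative, plus the two write rules the quoted web page mentions (write-up in the original System V/MLS way, or same-level-only from 1.1.1 onwards). Bounds are tightened on each granted open, inherited across fork, untouched by close, and reset only by execve.

```python
"""Toy model of RSBAC's min_write / max_read *-property bounds (added example)."""
from dataclasses import dataclass, replace
from enum import Enum

# Constructed level range; the page does not state RSBAC's actual one.
LOWEST, HIGHEST = 0, 255


class Access(Enum):
    READ = "read"
    WRITE = "write"


@dataclass
class Process:
    """A subject with a current MAC level and the two remembered bounds."""
    level: int
    max_read: int = LOWEST     # highest object level read so far
    min_write: int = HIGHEST   # lowest object level written so far
    write_up: bool = False     # True models the pre-1.1.1 "write to all higher levels"

    def within_bounds(self, lvl: int) -> bool:
        # The area every new open, and the process level itself, must stay in.
        return self.max_read <= lvl <= self.min_write

    def may_open(self, obj_level: int, access: Access) -> bool:
        if not self.within_bounds(obj_level):
            return False
        if access is Access.READ:
            return obj_level <= self.level          # read-down or same level
        if self.write_up:
            return obj_level >= self.level          # original System V/MLS write-up
        return obj_level == self.level              # 1.1.1 onwards: same level only

    def open(self, obj_level: int, access: Access) -> bool:
        """Check the open and, if granted, tighten the remembered bound."""
        if not self.may_open(obj_level, access):
            return False
        if access is Access.READ:
            self.max_read = max(self.max_read, obj_level)
        else:
            self.min_write = min(self.min_write, obj_level)
        return True

    def set_level(self, new_level: int) -> bool:
        """Changing the current level is only allowed inside the bounds."""
        if not self.within_bounds(new_level):
            return False
        self.level = new_level
        return True

    def fork(self) -> "Process":
        return replace(self)   # the child inherits the bounds; no reset on fork

    def execve(self) -> None:
        # Only a new program image empties the memory space, so only here reset.
        self.max_read, self.min_write = LOWEST, HIGHEST


def scenario() -> dict:
    """Walk through the cases discussed in the mail and record each decision."""
    out = {}
    p = Process(level=3)
    out["read_down"] = p.open(1, Access.READ)              # granted, max_read -> 1
    out["read_same_level"] = p.open(3, Access.READ)        # granted, max_read -> 3
    out["write_down"] = p.open(1, Access.WRITE)            # denied: 1 < max_read
    out["lower_level_after_read"] = p.set_level(1)         # denied: 1 < max_read
    child = p.fork()
    out["child_inherits_max_read"] = child.max_read        # 3, inherited
    p.execve()
    out["lower_level_after_exec"] = p.set_level(1)         # granted after reset
    q = Process(level=2)
    out["write_same_level"] = q.open(2, Access.WRITE)      # granted, min_write -> 2
    # Even if that level-2 file is closed again, the bound still blocks going higher.
    out["raise_level_after_write"] = q.set_level(3)        # denied: 3 > min_write
    old = Process(level=2, write_up=True)
    out["write_up_old_semantics"] = old.open(4, Access.WRITE)  # granted, min_write -> 4
    out["old_raise_above_min_write"] = old.set_level(5)    # denied: 5 > min_write
    return out


if __name__ == "__main__":
    for name, decision in scenario().items():
        print(f"{name:28s} {decision}")
```

The "too restrictive" remark in the reply shows up directly in the model: once a process has written at level 2, it can never move above 2 again until it execs, even if every level-2 file it opened has long been closed. That is the price of checking two integers instead of walking every open file's attributes on each access.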