Re: time policy


From: "Boldizsar BENCSATH" <boldi@dc.hu>
Subject: Re: time policy
Date: Sun, 8 Jul 2001 22:05:17 +0200

Next Article (by Date): direct access to devices Arkady A Drovosekov
Previous Article (by Date): Re: patch-2.4.6-v1.1.1.gz uploaded to /pre, mount hangs fixed? "john huttley"
Top of Thread: time policy Fabrice MARIE
Articles sorted by: [Date] [Author] [Subject]


I haven't read all these infos but some ideas:

Role incompatibility: for example a process with webserver role can't run a
program that tries to get 'installer'  or system administrator role. (needs
a 3. role)

It could be very useful if I could set up, when is a ROLE available. for
example, the 'installer' is only available from 6pm to 8pm.
In an advanced version: A simple user can only switch to 'installer' if it's
5-6pm, but he can switch to a 'trusted' role which can turn to 'installer'
every time. or so.

Another time idea: It could be also useful, if a system administrator role
could make some special things , but only in the first 50 minutes from the
last boot. (in the first 50 mins the system startup scripts could do
everything, but after 50m there is no more ... (I think the 99% of system
compromises is after 50mins (15 mins etc))

----- Original Message -----
From: "Amon Ott" <ao@rsbac.org>
To: "RSBAC List" <rsbac@compuniverse.de>
Sent: Friday, July 06, 2001 5:30 PM
Subject: Re: time policy


> On Mit, 04 Jul 2001 Fabrice MARIE wrote:
> > I'm reading the Handbook of Information Security Management by
> > Micki Krause and Harold F. Tipton,
> > and I came to an interesting thing :
> > http://secinf.net/info/misc/handbook/081-085.html
> > The last section of the page mention a time-based policy.
> > What do you think about it ?
>
> Can be useful.
>
> > How difficult would it be to add this to RSBAC ?
>
> Pretty easy. Most would be for administration: When is which user allowed
> to work.
>
> A simple version could be implemented via REG within one or two days.
>
> Amon.
> -
> To unsubscribe from the rsbac list, send a mail to
> majordomo@rsbac.org with
> unsubscribe rsbac
> as single line in the body.
>

-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Date): direct access to devices Arkady A Drovosekov
Previous Article (by Date): Re: patch-2.4.6-v1.1.1.gz uploaded to /pre, mount hangs fixed? "john huttley"
Top of Thread: time policy Fabrice MARIE
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.