Re: Feature request for 1.2 (or for 2.0)


From: janos.milus@dataware.debis.hu
Subject: Re: Feature request for 1.2 (or for 2.0)
Date: Thu, 29 Mar 2001 18:49:38 +0200

Next Article (by Date): Question "Vitalik Shakhov"
Previous Article (by Date): Re: About setreuid() and setresuid() Amon Ott
Top of Thread: Feature request for 1.2 (or for 2.0) janos.milus@dataware.debis.hu
Next in Thread: Re: Feature request for 1.2 (or for 2.0) Amon Ott
Articles sorted by: [Date] [Author] [Subject]


> It is even a bit more complicated: If access is to be redirected, the
> original target will not be touched at all. What do we do, if another
> module denies access to this file - do we just take the second (rerun)
> result, or deny access?
>
> Taking the last result only is probably the best way.

It is just a brainstorm:
As I know (but I may be wrong) there is a list which contains pointers to the
registered decision modules. If there is a system call, you go through this
list and call the modules. The modules say GRANTED, NOT_GRANTED, DO_NOT_CARE,
etc. If there is just one NOT_GRANTED return, the access is not granted.
I may be wrong, but in this case the remainder of the list is not called.

Make a new return value: REDIRECT, that redirects the target and reruns the
decision cycle. If the security officer could change the order of the list,
he could decide when he wants to make the redirection: first, last, or
somewhere in the middle. It solves the conflict between redirection modules,
too. Of course, the order of modules must be stored in the filesystem,
because on the next boot it must remain the same. If a new module is
registered, it goes to the end of the list.
(dreams, sweet dreams...)

>
> Well... I try to keep things simple. Just remember when you first tried
> to use RSBAC, how did you feel?
>

;) RSBAC was the 4th rule-based (mandatory) access control in the u*x world
that I have seen. The first was a little bit confusing at first, of course.
But there was no surprise in RSBAC.

As I see it, in rule-based access control systems there are two important
things:
(1) How deeply math-based it is, how faithfully it materializes a theoretical
    model (for example medusa is too ad hoc, it is easy to make a covert
    channel in it. On this point RSBAC is one of the best).
(2) How easy it is to integrate into a production system. On this scale
    medusa is better than RSBAC. (I speak about the Bell-LaPadula module,
    because the other RSBAC modules don't control information flow, just
    information access.)
    The HALO model implemented in medusa is much more easily integrated into
    production systems. The redirection may change this order without
    changing the previous one.

Regards
Janos Milus


-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.
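The decision loop sketched in the message above (ordered module list, first NOT_GRANTED ends the walk, REDIRECT rewrites the target and reruns the whole cycle) as an added user-space model. This is illustration code written for this page, not RSBAC's implementation; the module names, the paths, the per-subject jail directory and the MAX_REDIRECTS cap are assumptions. It also covers the two open points in the quoted reply: a redirected target can still be denied by an earlier module on the rerun (the "last result" wins), and a rerun needs a depth cap so that a misbehaving or conflicting redirection module cannot bounce a request forever.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the proposed decision cycle; not RSBAC code. */
enum decision { DO_NOT_CARE = 0, GRANTED, NOT_GRANTED, REDIRECT };

struct request {
    const char *subject;  /* who is asking, e.g. a user name */
    char target[96];      /* what is being accessed; rewritten on REDIRECT */
    int redirects;        /* number of target rewrites in this decision */
};

typedef enum decision (*decision_fn)(struct request *);

/* Assumed cap on reruns so redirection modules cannot loop a request forever. */
#define MAX_REDIRECTS 4

/* Hypothetical module: only root may touch anything under /secret/. */
static enum decision mod_deny_secret(struct request *r)
{
    if (strncmp(r->target, "/secret/", 8) == 0 && strcmp(r->subject, "root") != 0)
        return NOT_GRANTED;
    return DO_NOT_CARE;
}

/* Hypothetical redirection module: diverts two files elsewhere. The original
 * target is never touched; the rerun decides about the new one. */
static enum decision mod_redirect(struct request *r)
{
    if (strcmp(r->target, "/etc/passwd") == 0) {
        snprintf(r->target, sizeof r->target, "/jail/%s/etc/passwd", r->subject);
        return REDIRECT;
    }
    if (strcmp(r->target, "/etc/shadow") == 0) {
        /* lands under /secret/, so mod_deny_secret denies it on the rerun */
        snprintf(r->target, sizeof r->target, "/secret/shadow-%s", r->subject);
        return REDIRECT;
    }
    return DO_NOT_CARE;
}

/* Hypothetical misbehaving module: redirects /loop to itself, forever. */
static enum decision mod_loop(struct request *r)
{
    return strcmp(r->target, "/loop") == 0 ? REDIRECT : DO_NOT_CARE;
}

/* Module order as the security officer would persist it; a newly registered
 * module is appended at the end, as the message proposes. */
static const decision_fn policy_order[] = { mod_deny_secret, mod_redirect };
static const decision_fn policy_with_loop[] = { mod_deny_secret, mod_redirect, mod_loop };

/* Walk the modules in order. NOT_GRANTED stops the walk immediately;
 * REDIRECT restarts it against the rewritten target; GRANTED and
 * DO_NOT_CARE let the remaining modules speak. No denial means GRANTED. */
enum decision run_decision(const decision_fn *mods, size_t n, struct request *r)
{
    r->redirects = 0;
    for (;;) {
        int rerun = 0;
        for (size_t i = 0; i < n && !rerun; i++) {
            switch (mods[i](r)) {
            case NOT_GRANTED:
                return NOT_GRANTED;
            case REDIRECT:
                if (++r->redirects > MAX_REDIRECTS)
                    return NOT_GRANTED;   /* fail closed on runaway redirection */
                rerun = 1;
                break;
            default:
                break;
            }
        }
        if (!rerun)
            return GRANTED;
    }
}

struct request make_request(const char *subject, const char *target)
{
    struct request r;
    r.subject = subject;
    snprintf(r.target, sizeof r.target, "%s", target);
    r.redirects = 0;
    return r;
}

enum decision decide(struct request *r)
{
    return run_decision(policy_order, sizeof policy_order / sizeof policy_order[0], r);
}

int main(void)
{
    const char *cases[][2] = { {"alice", "/etc/passwd"}, {"alice", "/etc/shadow"},
                               {"root", "/secret/key"}, {"bob", "/loop"} };
    for (size_t i = 0; i < 4; i++) {
        struct request r = make_request(cases[i][0], cases[i][1]);
        enum decision d = (i == 3) ? run_decision(policy_with_loop, 3, &r) : decide(&r);
        printf("%s %s -> %s (target now %s, %d redirect(s))\n", cases[i][0], cases[i][1],
               d == GRANTED ? "GRANTED" : "NOT_GRANTED", r.target, r.redirects);
    }
    return 0;
}
```

Because mod_deny_secret sits before mod_redirect in policy_order, a redirected /etc/shadow is denied on the rerun even though the first pass never denied it; swapping the two entries changes that outcome, which is exactly the ordering control the message wants the security officer to have.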
