From: Amon Ott <ao@rsbac.org>
Subject: Re: Rule Set Based Access Control (RSBAC)
Date: Thu, 5 Apr 2001 08:00:33 +0200
Next Article (by Date): Re: Rule Set Based Access Control (RSBAC) Amon Ott
Previous Article (by Date): WWW.RSBAC.DE Christine Hall
Top of Thread: Re: Rule Set Based Access Control (RSBAC) Amon Ott
Next in Thread: Re: Rule Set Based Access Control (RSBAC) Amon Ott
Articles sorted by: [Date]
[Author]
[Subject]
On Mon, 02 Apr 2001 Stephen Smalley wrote: > 7) Most of the RSBAC policy modules are very hardwired in their > policy logic, and can be easily expressed using the SELinux Type > Enforcement (TE) configuration. After rereading Section 'Overview' of your 'Security Policy Configuration' paper, and remembering a similar claim at another place, which I had no way of answering, I kindly ask for some explanation. Without knowing your exact model details, I believe your claim 'can be easily expressed using SELinux Type Enforcement' to be - completely wrong for Privacy Model (PM), Malware Scan (MS), Role Compatibility (RC) and Access Control Lists (ACL) - doubtful for Mandatory Access Control (MAC), File Flags (FF) and Authentication (AUTH) - correct for the very simple models Functional Control (FC) and Security Information Modification (SIM) Since I regard all modules except FC and SIM as important models (or at least modules), I hereby ask you to either - prove your claim or - officially take it back for all these models. Amon. - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Date): Re: Rule Set Based Access Control (RSBAC) Amon Ott
Previous Article (by Date): WWW.RSBAC.DE Christine Hall
Top of Thread: Re: Rule Set Based Access Control (RSBAC) Amon Ott
Next in Thread: Re: Rule Set Based Access Control (RSBAC) Amon Ott
Articles sorted by: [Date]
[Author]
[Subject]