Date: Mon, 13 Oct 97 17:09:09 -0400 From: Christopher Petrilli <petrilli@amber.org> To: "Brian Mitchell" <brian@firehouse.net>, "Colman Reilly" <careilly@monoid.cs.tcd.ie> Cc: "Douglas Carmichael" <dcarmich@mcs.com>, <freebsd-hackers@FreeBSD.ORG>, <freebsd-security@FreeBSD.ORG> Subject: Re: C2 Trusted FreeBSD? Message-ID: <199710132110.RAA29578@dworkin.amber.org>
next in thread | raw e-mail | index | archive | help
>I'm fairly certain acl is _not_ a requirement in the dcl segment of c2.
>acl is, after all, just another form of group control at its very base.
It is not "mandatory," however the following paragraph exerpted from the
TCSEC does make it clear that the exisintg group mechanism is NOT
acceptable:
"The access controls shall be capable of including or excluding
access
to the granulairty of a single user."
This exclusion part is what makes it very difficult. You must be capable
of giving access to everyone BUT a specific user. While theoretically I
guess you could do it by managing billions of sepereate groups, I think
it would fail none the less because of practical enforcement concerns.
THat having been said, there is one other requirement that would need to
be addressed:
* Object Reuse (2.2.1.2)
THis is defined as follows:
"All authorizations to the information contained iwthin a storage object
shall be revoked prior to initial assignment, allocation or reallocation
to a subject from the TCB's pool of unused storage objects. No
information, including encrypted representations of information, produced
by a prior subject's actions is to be available to any subject that
obtains access to an object that has been released back to the system."
Basically, we need to purge all memor when it is allocated, or
deallocated.
Other than that, it's mostly documentation, and audit. I would really
prefer to do an ACL extension to the file system, as I think it's useful
as it is :-)
Chris
--
| Christopher Petrilli "That's right you're
| petrilli@amber.org not from Texas."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199710132110.RAA29578>