Date:      Tue, 14 Oct 1997 08:37:54 -0700 (PDT)
From:      Brian Beattie <beattie@stt3.com>
To:        Christopher Petrilli <petrilli@amber.org>
Cc:        Brian Mitchell <brian@firehouse.net>, Colman Reilly <careilly@monoid.cs.tcd.ie>, Douglas Carmichael <dcarmich@mcs.com>, freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject:   Re: C2 Trusted FreeBSD? 
Message-ID:  <Pine.GSO.3.95.971014083012.1809E-100000@durin>
In-Reply-To: <199710132110.RAA29578@dworkin.amber.org>

On Mon, 13 Oct 1997, Christopher Petrilli wrote:

> It is not "mandatory," however the following paragraph excerpted from the 
> TCSEC does make it clear that the existing group mechanism is NOT 
> acceptable:
> 
>      "The access controls shall be capable of including or excluding access
>       to the granularity of a single user."
> 
> This exclusion part is what makes it very difficult.  You must be capable 
> of giving access to everyone BUT a specific user.  While theoretically I 
> guess you could do it by managing billions of separate groups, I think 
> it would fail nonetheless because of practical enforcement concerns.
> 

This is an over-rigorous reading of this requirement.  The Gould (B1?)
system made it clear that UNIX access control meets this requirement.
This can be understood when you read the requirement to say that: it must
be possible to exclude access to an object by one particular user.  This
does not say that the system must provide a mechanism to exclude access
to an object by every user on a user-by-user basis, a requirement every
system would fail.

When reading the Orange Book, remember that to meet the requirements it is
in general sufficient to meet only the minimum requirements.  The authors
were very careful in laying out the requirements without making
assumptions on how they might be met.
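
Added example, not part of the original message or of any FreeBSD or Gould code: a small model of the traditional UNIX owner/group/other check, showing one way a single user can be excluded from an otherwise world-readable object with plain mode bits. The user, group and file names are constructed, and the one-member deny group is an assumption about how the exclusion could be done, not something the thread specifies.

```python
# Added illustration: a model of the traditional UNIX owner/group/other check.
# All user, group and file names below are constructed for the example.
from dataclasses import dataclass

R, W, X = 4, 2, 1


@dataclass(frozen=True)
class Inode:
    owner: str
    group: str
    mode: int  # permission bits, e.g. 0o604


def permitted(inode, user, groups_of, want):
    """Return True if `user` gets every bit in `want` (a mask of R/W/X).

    Exactly one class applies: owner, else group, else other. The classes
    are not OR-ed together, so a member of the file's group never falls
    through to the 'other' bits. Superuser override is not modelled.
    """
    if user == inode.owner:
        bits = (inode.mode >> 6) & 7
    elif inode.group in groups_of.get(user, set()):
        bits = (inode.mode >> 3) & 7
    else:
        bits = inode.mode & 7
    return bits & want == want


def exclude_one(inode, deny_group):
    """Clear the group class and hand the file to a one-member deny group."""
    return Inode(inode.owner, deny_group, inode.mode & ~0o070)


def readers(inode, groups_of):
    """Sorted list of known users who can read the object."""
    return sorted(u for u in groups_of if permitted(inode, u, groups_of, R))


# Constructed sample: 'mallory' is the single user to exclude.
GROUPS = {"alice": {"staff"}, "bob": {"staff"},
          "mallory": {"staff", "no_mallory"}}
BEFORE = Inode("alice", "staff", 0o664)
REPORT = exclude_one(BEFORE, "no_mallory")  # mode becomes 0o604

if __name__ == "__main__":
    print(oct(REPORT.mode), readers(REPORT, GROUPS))
```

The file's single group slot is now spent on the deny group, so `bob` keeps read access through the other bits but loses the write access he had through `staff`.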



