[cap-talk] What's "Discretionary Security" (was: Another "core" principle, capability communication)
Mark S. Miller
markm at cs.jhu.edu
Sun Dec 31 11:11:25 CST 2006
Bill Frantz wrote:
> Looking at shap's definition:
>> A discretionary policy is any policy that a process elects (i.e. makes a
>> voluntary decision and acts accordingly) to enforce. A mandatory policy
>> is a policy that is enforced on a process in such a way that the process
>> has no control over it.
> If a process A can give process B access to resource R, then its policy is
> discretionary. If A has access to R, but cannot give it to B, then a
> mandatory policy is being enforced on A and B. There are a bunch of different
> ways such a policy could be enforced. One is to include security labels on A,
> B, and R, with a reference monitor to enforce the rules. Another is limits on
> the communication path(s) between A and B.
So, going back to my example
> Let's start with a plain conventional Unix ACL-ish example. I create a file
> foo.txt. I choose not to give you write permission on this file. Are we
> interacting using mandatory or discretionary security?
how would you describe it using these terms?
Text by me above is hereby placed in the public domain