[cap-talk] Communicating conspirators, MLS, and the Boebert attack

Bill Frantz frantz at pwpconsult.com
Thu Jul 20 21:27:52 EDT 2006 

donnelley1 at webstart.com (Jed at Webstart) on Thursday, July 20, 2006 wrote:

>>If DVH did have such capabilities, then Boebert's analysis is correct.
>>Low writes a capability to a c-list that High can read.  I didn't think
>>that was the case.  If it is, then I misunderstood DVH, Boebert's
>>analysis does apply, and this whole discussion has been a waste of time.
>>My Bad.
>
>DVH could store capabilities in c-lists and also store them
>and fetch them from what the paper referred to as "directories":
>
>"a directory consists of a collection of capabilities"
>
>(from DVH pg. 151, just above "Directories and Naming").
>Such directories showed up in the PDP-1 system and
>in RATS.  One could store capabilities into them and
>fetch capabilities from them.

The KeyKOS approach to MLS was to build a MLS monitor with capabilities
as the glue.  See:
<http://www.agorics.com/Library/KeyKos/keysafe/Keysafe.html>.  See also:
Rajunas, S. A., et al., "Security in KeyKOS", Proceedings of the 1986
IEEE Symposium on Security and Privacy, IEEE. (Sorry, I couldn't find an
online copy.  How to lose at citation analysis in the modern world.)

The approach used KeyKOS capability confinement to build "Compartments".
 These compartments got references to outside data though a "Reference
Monitor", which checked the security label on the outside data object. 
A high-classification compartment would not be permitted to import a
capability to a directory which had write capabilities to
low-classification data objects.

The nice feature of this approach was that all the MLS buzz-words
appeared as objects in the implementation.  Once an object had been
approved for access by a compartment, the accesses did not require any
checks other than the normal capability access checks.

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz        | The first thing you need when  | Periwinkle 
(408)356-8506      | using a perimeter defense is a | 16345 Englewood Ave
www.pwpconsult.com | perimeter.                     | Los Gatos, CA 95032

More information about the cap-talk mailing list