[cap-talk] Confinement CC problem ?? (Rob Meijer: Communicating conspirators)
rmeijer at xs4all.nl
Sun Jul 30 13:37:56 EDT 2006
>>I believe the main difference is in what is being locked down to a level.
>>In what you describe the 'processes' are being locked down to a clearance
>>level. I know that this is required in the higher MLS levels, but I
>>would be glad if I could use capability design between the lower
> By "use a capability design between the lower levels" do I take you
> to mean that you somehow want to be able to allow direct communication
> between processes at different levels with a capability mechanism
> somehow enforcing a workable (by what policy standards?) MLS mechanism?
>>In my proposed design the capabilities are being locked down
>>to a clearance level instead, allowing processes with capabilities on
>>multiple clearance levels to somewhat move between the levels during
>>their lifetime. The latter results in a more natural way of programming
>>thus in shorter development times imho. An added bonus is as I stated
>>I believe it would allow the definition of a confinement subset of the CC
> Sorry Rob, but try as I might I don't see it. I guess this is one of the
> cases where I think we would really have to stand up at a white board
> and scratch out a more detailed design before I'd get it. Perhaps others
> can chime in here if any are following and might be able to contribute.
I have made an attempt to get things into something of a big
picture/detailed picture short document, I'm a bit reluctant to do so
given that it's only in a very preliminary state, but hopefully it can be
I've made the graphics link to the source graphviz dot files, I think these
could effectively be used as an e-mail compatible white board.
Maybe others could also look at this page to see if my apparently limited
communication skills could maybe be reworded by someone to make a bit
more clear what I am trying to bring across.