[cap-talk] Mandatory Access Control (was: What's "Discretionary Security")

Jed Donnelley capability at webstart.com
Tue Jan 2 14:05:40 CST 2007


Cap-talk,

I just thought I'd extend out a bit beyond the list to see if I could find any
more modern sense in the terms "mandatory" and "discretionary" with
regard to access control.

Regarding MAC there's this:

http://en.wikipedia.org/wiki/Mandatory_access_control

If you then pursue it to:

http://csrc.nist.gov/secpubs/rainbow/std004.txt

you find these statements:

"Environments with a risk index of 1 or higher encompass systems operating in
controlled, compartmented, and multilevel modes.  These environments require
mandatory access control, which is the type of access control used to provide
protection based on sensitivity labels.  It is defined as a means of
restricting access to objects based on the sensitivity (as represented by a
label) of the information contained in the objects and the formal clearance or
authorization of subjects to access information of such sensitivity."

The above seems to clearly state that "mandatory" access controls are
those that implement access control based on multiple security level
labels.  Of course any such controls are controlled by whatever
subject sets and manages the labels and policies for dealing with
the labels.

By this criterion even the MLS mechanisms in NLTSS, where higher
level processes were allowed to explicitly declassify data, qualify as
"mandatory".

While I can make sense of the above definition, it certainly doesn't
provide any technical substance for the "mandatory" vs. "discretionary"
distinction that fits the dictionary meaning of these terms - IMO:

Mandatory: Required or commanded by authority; obligatory.

Discretionary:  Left to or regulated by one's own discretion or judgment.

I still regard these terms as nonsense when applied to access control where,
as I say, the controller of the access has discretion and the controlled views
the access control as mandatory - in whatever scheme of labels, ACLs,
capabilities, etc.

--Jed http://www.webstart.com/jed/  
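
Added example, not part of the original post: a minimal label-based check in the sense of the quoted std004 definition (access decided by comparing an object's sensitivity label with the subject's clearance), extended with an explicit declassify operation of the kind mentioned for NLTSS. The level names, the compartment name, `LabelStore` and its methods are assumptions made for illustration and do not model NLTSS's actual mechanism.

```python
from dataclasses import dataclass

# Constructed ordering of sensitivity levels (assumption, not from the post).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        # Level at least as high AND a superset of the other's compartments.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

class LabelStore:
    """Hypothetical reference monitor: it holds the object labels, subjects do not."""
    def __init__(self):
        self._labels = {}

    def create(self, name, label):
        self._labels[name] = label

    def may_read(self, clearance, name):
        return clearance.dominates(self._labels[name])

    def declassify(self, clearance, name, new_label):
        old = self._labels[name]
        # Only a subject that already dominates the object may relabel it,
        # and only downward; anything else is refused.
        if not clearance.dominates(old) or not old.dominates(new_label):
            raise PermissionError("declassification refused")
        self._labels[name] = new_label

def demo():
    store = LabelStore()
    store.create("report", Label("SECRET", frozenset({"CRYPTO"})))
    analyst = Label("CONFIDENTIAL")
    officer = Label("TOP SECRET", frozenset({"CRYPTO"}))
    before = store.may_read(analyst, "report")
    try:
        store.declassify(analyst, "report", Label("UNCLASSIFIED"))
        blocked = False
    except PermissionError:
        blocked = True
    store.declassify(officer, "report", Label("CONFIDENTIAL"))
    after = store.may_read(analyst, "report")
    return before, blocked, after
```

Every decision here is still made by comparing labels, so the scheme meets the quoted definition, yet the outcome for the analyst changes once the officer exercises the declassify operation.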