[cap-talk] Mandatory Access Control (was: What's "Discretionary Security")
Karp, Alan H
alan.karp at hp.com
Wed Jan 3 12:22:12 CST 2007
Jed wrote:
> Is MAC
> really just another name for MLS? If no, perhaps somebody could
> suggest a MAC scheme that isn't MLS?
>
Compartments.
>
> I believe the tension described in the above paragraph is at the
> heart of why the MAC "community" (for lack of a better term, TCSEC,
> etc., etc.) is antagonistic to object-capability systems, and vice
> versa. The MAC community feels that the basic object-capability
> model is too laissez faire when it comes to access control (if "I" as
> a subject have access to an object and I can communicate to "you"
> then I can share access with you), while the object-capability
> community feels that they're providing all the control that's
> possible in any model.
>
Personally, I think the MAC people are considering only permission,
while the capability people, perhaps implicitly, realize the importance
of authority.
_________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp/