[cap-talk] Mandatory Access Control (was: What's "Discretionary Security")
Jonathan S. Shapiro
shap at eros-os.com
Wed Jan 3 17:00:45 CST 2007
On Wed, 2007-01-03 at 16:48 -0600, Karp, Alan H wrote:
> > No it isn't. The lattice describes the relationship between
> > compartments, not current access.
>
> I don't understand. Alice is in the submarine project at the Secret
> level. She can read down and write up within that project, but she has
> no access to anything related to the bomber project.
What access Alice has is of no conceivable relevance. The lattice
structure is a set of permitted relationships between *compartments*,
and then at a system-wide view.
So in the Alice/Bob example you have a lattice consisting of
    bottom < sub-project < top
    bottom < bomber-project < top
and some of the respective users' sessions are attached to the respective
compartments.
But the lattice is definitely there.
--
Jonathan S. Shapiro, Ph.D.
Managing Director
The EROS Group, LLC
+1 443 927 1719 x5100
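
The four-element lattice from the message above, as an added example that is not part of the original post: it builds the partial order from the two chains given, checks that every pair of compartments has a join and a meet, and shows that the two project compartments are incomparable. The function names, the `SESSIONS` table (including Bob's attachment to bomber-project) and the "flow only upward" rule in `may_flow` are assumptions made for illustration.

```python
from itertools import product

# Covering relations exactly as written in the post: (lower, higher).
COVERS = [("bottom", "sub-project"), ("sub-project", "top"),
          ("bottom", "bomber-project"), ("bomber-project", "top")]

def build_order(covers):
    """Return (elements, leq); leq is the reflexive-transitive closure of covers."""
    elems = sorted({e for pair in covers for e in pair})
    leq = {(e, e) for e in elems} | set(covers)
    changed = True
    while changed:
        changed = False
        for (a, b), (c, d) in product(list(leq), repeat=2):
            if b == c and (a, d) not in leq:
                leq.add((a, d))
                changed = True
    return elems, leq

def join(a, b, elems, leq):
    """Least upper bound of a and b, or None if no unique one exists."""
    uppers = [u for u in elems if (a, u) in leq and (b, u) in leq]
    least = [u for u in uppers if all((u, v) in leq for v in uppers)]
    return least[0] if len(least) == 1 else None

def meet(a, b, elems, leq):
    """Greatest lower bound of a and b, or None if no unique one exists."""
    lowers = [l for l in elems if (l, a) in leq and (l, b) in leq]
    greatest = [l for l in lowers if all((m, l) in leq for m in lowers)]
    return greatest[0] if len(greatest) == 1 else None

def is_lattice(elems, leq):
    """True when every pair of compartments has both a join and a meet."""
    return all(join(a, b, elems, leq) is not None and
               meet(a, b, elems, leq) is not None
               for a, b in product(elems, repeat=2))

def may_flow(src, dst, leq):
    """Assumed policy: information may move from src to dst only if src <= dst."""
    return (src, dst) in leq

ELEMS, LEQ = build_order(COVERS)

# Constructed session table (assumption). Nothing above reads it: the lattice
# is defined over compartments, whatever sessions happen to be attached.
SESSIONS = {"alice": "sub-project", "bob": "bomber-project"}

if __name__ == "__main__":
    print("lattice:", is_lattice(ELEMS, LEQ))
    print("join:", join("sub-project", "bomber-project", ELEMS, LEQ))
    print("meet:", meet("sub-project", "bomber-project", ELEMS, LEQ))
```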