[cap-talk] Mandatory Access Control (was: What's "Discretionary Security")
Ka-Ping Yee
cap-talk at zesty.ca
Wed Jan 3 18:12:23 CST 2007
On Wed, 3 Jan 2007, Jonathan S. Shapiro wrote:
> Mandatory control advocates almost universally state that capabilities
> are purely discretionary controls. This is absolutely correct.
It may be almost universally stated, but it is also inconsistent.
The definition in the glossary of the Orange Book is
Discretionary Access Control - A means of restricting
access to objects based on the identity of subjects
and/or groups to which they belong. The controls are
discretionary in the sense that a subject with a certain
access permission is capable of passing that permission
(perhaps indirectly) on to any other subject (unless
restrained by mandatory access control).
Capability systems do not permit subjects to pass on permission
to just "any other subject", so they do not meet the TCSEC
definition of DAC.
(I'll edit the Wikipedia article now to quote the above definition.)
-- ?!ng
More information about the cap-talk
mailing list