[cap-talk] Mandatory Access Control (was: What's "Discretionary Security")
David Hopwood
david.nospam.hopwood at blueyonder.co.uk
Wed Jan 3 18:13:25 CST 2007
Jonathan S. Shapiro wrote:
> On Wed, 2007-01-03 at 12:22 -0600, Karp, Alan H wrote:
>>Jed wrote:
>>
>>> Is MAC
>>>really just another name for MLS? If no, perhaps somebody could
>>>suggest a MAC scheme that isn't MLS?
>>
>>Compartments.
>
> I don't know that I believe it, but there is a credible argument that
> goes like this:
>
> Mandatory policies govern authority, not permissions. That is: they are
> information flow policies.
>
> All enforceable information flow policies that might be labeled
> mandatory prove to restrict the flow of information according to a
> dominance lattice.
>
> Therefore, MLS is in fact the *only* mandatory policy, modulo the
> possibility that there might be more levels and labels in other
> lattice-governed policies.

If, for the sake of argument, that were the case, then it would be clear:

- that MLS/"the mandatory policy" is incompatible with POLA (primarily
  for the reason I've explained in the context of the *-property in
  <http://www.eros-os.org/pipermail/cap-talk/2006-July/005501.html>,
  and Jed has also argued for IPC mechanisms),
- that this policy is not what we want in any realistic situation.

--
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>
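
Added example, not part of the original message and not written by anyone in this thread: a model of the "dominance lattice" in the quoted argument, showing that a compartments-only policy is the same lattice with a single level. The `Label` class, the helper names and the compartment names are assumptions made for illustration; the read and write rules follow the usual Bell-LaPadula formulation (simple security property and *-property).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Label:
    """A security label: a hierarchical level plus a set of compartments."""
    level: int
    compartments: frozenset = frozenset()

    def dominates(self, other):
        # Partial order: at least as high a level AND a superset of compartments.
        return self.level >= other.level and self.compartments >= other.compartments

    def join(self, other):
        # Least upper bound: the label of data derived from both inputs.
        return Label(max(self.level, other.level),
                     self.compartments | other.compartments)

    def meet(self, other):
        # Greatest lower bound: the most a recipient of both may be cleared for.
        return Label(min(self.level, other.level),
                     self.compartments & other.compartments)


def may_flow(src, dst):
    """Information may move from src to dst only if dst dominates src."""
    return dst.dominates(src)


def may_read(subject, obj):
    return may_flow(obj, subject)      # simple security property: no read up


def may_write(subject, obj):
    return may_flow(subject, obj)      # *-property: no write down


if __name__ == "__main__":
    # Constructed labels: one level only, so the policy is pure compartments.
    crypto = Label(0, frozenset({"crypto"}))
    nuclear = Label(0, frozenset({"nuclear"}))
    both = crypto.join(nuclear)
    print("crypto vs nuclear comparable:",
          crypto.dominates(nuclear) or nuclear.dominates(crypto))
    print("subject at join reads crypto:", may_read(both, crypto))
    print("subject at join writes crypto:", may_write(both, crypto))
```

With a single level the two compartments are incomparable, and a subject labelled with their join can read both but write to neither.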