[cap-talk] Mandatory Access Control (was: What's "Discretionary Security")

Jonathan S. Shapiro shap at eros-os.com
Thu Jan 4 06:26:23 CST 2007


On Wed, 2007-01-03 at 15:09 -0800, Jed Donnelley wrote:
> At 12:41 PM 1/3/2007, Jonathan S. Shapiro wrote:
> >On Wed, 2007-01-03 at 10:02 -0800, Jed Donnelley wrote:
> >
> > > Let me just feed a bit off what's now on the "discretionary access
> > > control" page:
> > >
> > > http://en.wikipedia.org/wiki/Discretionary_access_control
> > >
> > > Namely where it says, "A system is said to provide discretionary
> > > access control if the owner of an object has the ability to control
> > > how others can access it.
> >
> >This definition is flatly wrong. Discretionary control isn't about what
> >the owner of an object can do. It's about what a process can do. The
> >definition above would lead to the conclusion that capability systems
> >cannot be discretionary because they have no notion of owner. This
> >conclusion is clearly inconsistent with the literature.
> 
> I wonder if this isn't still a matter of terminology.  Might it be that
> what is meant by "owner" in the above definition is a subject with
> "ownership" access (whatever that means), and the subject could
> be a process or a person?

Yes. In the terminology of the mandatory access control world, an
"owner" is a principal, as in the "own" right.
-- 
Jonathan S. Shapiro, Ph.D.
Managing Director
The EROS Group, LLC
+1 443 927 1719 x5100


