[cap-talk] Mandatory Access Control (was: What's "Discretionary Security")

Jonathan S. Shapiro shap at eros-os.com
Thu Jan 4 06:28:13 CST 2007


On Wed, 2007-01-03 at 18:12 -0600, Ka-Ping Yee wrote:
> On Wed, 3 Jan 2007, Jonathan S. Shapiro wrote:
> > Mandatory control advocates almost universally state that capabilities
> > are purely discretionary controls. This is absolutely correct.
> 
> It may be almost universally stated, but it is also inconsistent.
> The definition in the glossary of the Orange Book is
> 
>     Discretionary Access Control - A means of restricting
>     access to objects based on the identity of subjects
>     and/or groups to which they belong. The controls are
>     discretionary in the sense that a subject with a certain
>     access permission is capable of passing that permission
>     (perhaps indirectly) on to any other subject (unless
>     restrained by mandatory access control).
> 
> Capability systems do not permit subjects to pass on permission
> to just "any other subject", so they do not meet the TCSEC
> definition of DAC.
> 
> (I'll edit the Wikipedia article now to quote the above definition.)

Ping: on reflection, I like the approach of simply quoting the TCSEC
definitions and then going on to explain what the shortcomings were in
those views and how the terms should be understood in a modern context.
Does this seem sensible to you?
-- 
Jonathan S. Shapiro, Ph.D.
Managing Director
The EROS Group, LLC
+1 443 927 1719 x5100


