[cap-talk] Mandatory Access Control (was: What's "Discretionary Security")
Jonathan S. Shapiro
shap at eros-os.com
Thu Jan 4 08:43:43 CST 2007
On Wed, 2007-01-03 at 23:55 -0800, Jed Donnelley wrote:
> Perhaps not, but when I did some searching for LOMAC I ended up at
> the Biba Model:
>
> http://en.wikipedia.org/wiki/Biba_Model
>
> which (amusingly to me) seems to be the dual of the MLS model, namely:
> __________
> This security model is directed toward data integrity (rather than
> confidentiality) and is characterized by the phrase: "no write up, no
> read down". This is in contrast to the Bell-LaPadula model which is
> characterized by the phrase "no write down, no read up".
> __________
>
> Of course this suggests that if one wants confidentiality and
> integrity then one has "no write down, no read up" and "no write up,
> no read down". That seems like a pretty clear description of an air gap.
>
> --Jed http://www.webstart.com/jed-signature.html
Another way to look at it is:
Systems implementing MLS are necessarily of the lowest integrity.
Given this:
Only bad decisions can be made from mandatory-secure information.
Good decisions can only be made from mandatory-nonsecure information.
When you think about it, This actually explains quite a lot about the
DoD decision making process. Even a haphazard and imperfect human
implementation of MLS goes most of the way toward destroying information
integrity.
--
Jonathan S. Shapiro, Ph.D.
Managing Director
The EROS Group, LLC
+1 443 927 1719 x5100
More information about the cap-talk
mailing list