[cap-talk] Mandatory Access Control: unidirectional state changes
Karp, Alan H
alan.karp at hp.com
Fri Jan 5 19:22:55 CST 2007
> Alan Karp previously mentioned "compartments." I'm not familiar enough
> with any implementation of compartments to know what sorts of
> communication are permitted between compartments (presumably
> there must be some or we wouldn't talk about a 'compartments'
> mechanism for a single system). Perhaps Alan can further explain
> or provide pointers. If 'compartments' really is an alternative form
> of MAC, then perhaps I can see whether it fits with my notion that
> MAC at heart derives from communication restrictions.
Consider a consulting firm with two client companies in competition.
The consultants want to assure their clients that there will be no
mixing of data between the engagements. They could put the data on
different machines, but that might be inappropriate for some reason.
For example, they may both need to be run against an expensive software
package. The solution is to mark the data for one company with
compartment Y and the data for the other company with compartment Z.
Any data constructed from data in a compartment is marked with that
compartment. Individuals in the company are given access rights to only
a single compartment. The MAC rules prevent data movement between the
Note that the best you can do in reality is prevent accidental mixing of
the data. Say Alice is working on the account for company Y, and Bob is
doing work for company Z. Alice can always print out a file from
compartment Y and give it to Bob to put into compartment Z.
Virus Safe Computing Initiative
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
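
Added example, not part of the original message or of any product it refers to: a minimal Python model of the compartment rules described above (labelled data, labels inherited by derived data, one compartment per individual) and of the printout caveat. The Monitor class, object names and sample contents are assumptions made for illustration.

```python
from dataclasses import dataclass

class AccessDenied(Exception): pass  # operation would cross a compartment boundary

@dataclass(frozen=True)
class Subject:
    name: str
    compartment: str  # each individual holds rights to a single compartment

@dataclass(frozen=True)
class Labeled:
    compartment: str
    content: str

class Monitor:
    """Hypothetical reference monitor over a store of labelled objects."""
    def __init__(self):
        self.store = {}

    def create(self, subj, name, content):  # new data takes the creator's label
        self.store[name] = Labeled(subj.compartment, content)

    def read(self, subj, name):
        obj = self.store[name]
        if obj.compartment != subj.compartment:
            raise AccessDenied(f"{subj.name} has no rights to {obj.compartment}")
        return obj.content

    def derive(self, subj, name, sources, fn):
        # Data constructed from data in a compartment keeps that compartment.
        inputs = [self.store[s] for s in sources]
        if {o.compartment for o in inputs} != {subj.compartment}:
            raise AccessDenied(f"{name} would mix data across compartments")
        self.store[name] = Labeled(subj.compartment, fn(o.content for o in inputs))

def demo():
    m, alice, bob = Monitor(), Subject("Alice", "Y"), Subject("Bob", "Z")
    m.create(alice, "y_plan", "plan for Y")  # constructed sample data
    m.create(bob, "z_plan", "plan for Z")
    m.derive(alice, "y_summary", ["y_plan"], " / ".join)
    denied = 0
    for op in (lambda: m.read(bob, "y_plan"),
               lambda: m.derive(alice, "mix", ["y_plan", "z_plan"], " / ".join)):
        try:
            op()
        except AccessDenied:
            denied += 1
    # Printout path: Bob retypes what Alice handed him; the monitor sees a plain create.
    m.create(bob, "retyped", m.read(alice, "y_plan"))
    return m.store["y_summary"].compartment, denied, m.store["retyped"]
```

Calling demo() shows both in-system crossings refused while the retyped copy is stored under compartment Z, which is the accidental-versus-deliberate distinction the message draws.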