[cap-talk] Concrete guidelines for user shell

Karp, Alan H alan.karp at hp.com
Fri Jun 29 11:21:27 EDT 2007


Pierre THIERRY wrote:
> 
> I'm also wondering whether user shells should by default be created
> within a reference monitor to make it possible to enforce MLS-like
> mandatory access control (that is, Alice has access to Secret Folder and
> Bob, but cannot grant access for the former to the latter).
> 
One reason to do this is to support Voluntary Oblivious Compliance,
which goes beyond the simple security levels most people think of when
they see the term "mandatory access control".  For example, Alice has
access to a file that should only be shared with employees of her
company.  In order to obey that policy, Alice would have to know that
the policy applies to that file and whether or not Bob is an employee.
A reference monitor can be used to enforce that policy without Alice
being aware of it.  Work on Distributed Information Flow (Asbestos,
Flume, Java Information Flow, Servlet Information Flow, ...) is also
applicable.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
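
A minimal sketch of the reference-monitor arrangement discussed in this message, added here as an illustration and not code from either poster: every grant between shells goes through the monitor, which applies object policies that the granting user never consults. The names `Shell` and `ReferenceMonitor`, and the users, objects and attributes, are all assumptions made for the example, and it assumes the monitor is the only channel between shells.

```python
from dataclasses import dataclass, field


@dataclass
class Shell:
    """A user shell: holds object references, knows nothing about policy."""
    user: str
    caps: set = field(default_factory=set)


class ReferenceMonitor:
    """Mediates every grant between the shells created inside it."""

    def __init__(self, attributes, required):
        self._attributes = attributes  # user -> attributes (constructed sample data)
        self._required = required      # object -> attribute a holder must have
        self.audit = []                # (grantor, recipient, object, allowed)

    def _permitted(self, user, obj):
        need = self._required.get(obj)  # objects with no policy flow freely
        return need is None or need in self._attributes.get(user, set())

    def grant(self, src, dst, obj):
        """Pass obj from src to dst; src must hold it and dst must satisfy policy."""
        allowed = obj in src.caps and self._permitted(dst.user, obj)
        self.audit.append((src.user, dst.user, obj, allowed))
        if allowed:
            dst.caps.add(obj)
        return allowed


def demo():
    monitor = ReferenceMonitor(
        attributes={"alice": {"employee", "secret"}, "carol": {"employee"}, "bob": set()},
        required={"roadmap.doc": "employee", "Secret Folder": "secret"},
    )
    alice = Shell("alice", {"roadmap.doc", "Secret Folder", "lunch-menu.txt"})
    bob, carol = Shell("bob"), Shell("carol")
    return {
        "alice->bob roadmap": monitor.grant(alice, bob, "roadmap.doc"),
        "alice->carol roadmap": monitor.grant(alice, carol, "roadmap.doc"),
        "carol->bob roadmap": monitor.grant(carol, bob, "roadmap.doc"),
        "alice->carol Secret Folder": monitor.grant(alice, carol, "Secret Folder"),
        "alice->bob lunch-menu": monitor.grant(alice, bob, "lunch-menu.txt"),
    }, bob.caps, monitor.audit


if __name__ == "__main__":
    for line in demo()[2]:
        print(line)
```

The third grant shows the policy following the object: Carol legitimately holds the document, yet re-granting it to Bob is refused just as Alice's direct grant was.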
 


