Announcement: TrustedBSD Extensions Project
richard offer
offer at sgi.com
Mon Apr 10 19:58:54 GMT 2000
* $ from phil at globnix.org at "10-Apr: 9:28pm" | sed "1,$s/^/* /"
*
*
* Typing away merrily, Robert Watson produced the immortal words:
* > o Mandatory access control for privacy and integrity, allowing FreeBSD to
* > be used in environments hosting mutually suspicious parties and
* > multi-level security models.
*
* Hrm - my understanding of mandatory access controls[1] leads me to
* believe that they're of use where you don't trust everyone in your own
* party; whether that's their integrity or their competence is not the
* issue.
*
* Where you merely have mutually suspicious parties, discretionary access
* control are, AIUI, sufficient. Excepting for DoS attacks.
*
* In what situations not involving lack of trust in your own party do MACs
* protect against another party?
It brings a whole new ballgame to X security...we actually get some :-)
* If you are worried about DoS attacks,
* then aren't resource quotas sufficient, as opposed to all-out MACs, with
* all that implies for abolishing covert timing channels? *wince*
Covert channel analysis is not a requirement until B2.
richard.
-----------------------------------------------------------------------
Richard Offer Widget FAQ --> http://reality.sgi.com/widgetFAQ
MTS-Core Design (Motif)
___________________________________________http://reality.sgi.com/offer
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list