RFC: Requirements for MAC policies and implementation

Jon Tidswell jont at zip.com.au
Thu Sep 28 04:18:03 GMT 2000 

| > 
| > - Multi-Level Security Model (MLS)
| > 	- MLS is fairly cut-and-dry -- I'd assume support for
| > 	  static labels, some fixed finite bound on the number of
| > 	  sensitivity levels, and support for non-hierarchal categories. 
| > 	  All trusted operating systems support this model, albeit
| > 	  some in a more general manner than others.
| >
| 
| Awhile back I think Jon T Bowie and I discussed MLS for process execution
| and felt that it would be a _great_ thing to have implemented.. and as
| time would have it... we never did.  I brougth this up to in a
| conversation on IRC with Robert; we both felt it was a good thing, yet
| felt, IIRC, there was more to it than just process execution.  I
| completely agree and while I think the idea of a MIB-like structure for
| processes to be executed, I think there is much more to it (again).
  
Somewhere I missed something.
A MIB like structure to me is a text based tagged hierarchical data structure,
not something that will ever be evaluated quickly.
Unix fork/exec is slow enough without making it slower.
What have I missed ?

| What I
| would love to see, since I am unable to run some of the MAC implemented
| OSes.. is some statistics on speed and reliability, etc..  While I think
| there are definitely other key issues invovled here, I think I'd like to
| make speed one of them.  

I had a friendly Sun rep and actually got to play with trusted solaris a
little - it was a real PAIN to install - different enough to be a problem,
close enough that skimming the docs it seems the same (but wasnt).

Trusted Solaris (2.51) was slower than normal solaris (2.51).
[ Whether this remains true for trusted solaris 8 we will have to wait
and see, it'll probably be out the same time as solaris 10 :-]

| Also, I would imagine doing the Biba or MLS schemas would be easier on a
| higher level to manage than a jail()-like implementation over a system
| wide standpoint.  Am I wrong to think this?

I know of one defense site that abandoned trusted solaris for normal solaris
because the human effort/time overheads of managing the MLS based system
outweighed the benefits.

- JonT

-- 
Jonathon E Tidswell                                          <jont at zip.com.au>
Geek on the loose.
Postgrad student, programmer, Internet aficionado, and would be security guru.
Disclaimer: I think my thoughts are my own, and I believe my writings are too.
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message

More information about the trustedbsd-discuss mailing list