programming interface for mandatory access controls
ari
edelkind-trustedbsd-discuss at episec.com
Sun Aug 24 13:43:26 GMT 2003
This is in reference to a project that I'm working on:
http://www.episec.com/people/edelkind/patches/kernel/flowpriv/
Please view that site for background information.

Currently, I have been handling this interface with additional privilege
checks throughout the code. I have proof-of-concept code available for
download, though I have done a good bit more work on the project since
its release. These privilege checks are designed to have a negligible
impact on system call performance, i.e. they require only a few memory
accesses to do their job, and they use only a few bytes of per-process
memory to include their restrictions.

The interesting part of this implementation is that everywhere I go
within the kernel to add these checks, MAC was there before me. Now, I
have an option. I can add a new interface for MAC, which would be
simpler (and less tedious) for me to implement, or I can continue as I
am. Adding an interface for MAC would provide me with a back-end that
is more "standard", being based on a (withdrawn) IEEE draft. However,
MAC adds a significant performance penalty that programmers and
corporations do not like to pay. I could also implement both, and the
user may take his pick at (kernel) compile time.

Another problem with creating an interface for MAC is that if developers
are to pick this up as a programming practice, it needs to be something
common throughout a number of operating systems. Their programs need to
be portable. However, MAC, as a compile-time option, doesn't really fit
this requirement even for one OS.

I'm looking for arguments in either direction.

ari
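The two designs the post weighs, a per-process restriction word checked inline with a few memory accesses versus a MAC-style entry point that walks a chain of policy hooks, can be seen side by side in a small model. The following is an added illustration written for this page; it is not code from the flowpriv project or from the TrustedBSD MAC framework, and the operation bits, structure names, hook signature and the policies in the chain are all assumptions made up for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not flowpriv or TrustedBSD code.  Bit assignments,
 * structure names and the hook chain are assumptions for this example. */

/* One bit per restrictable operation (hypothetical assignments). */
enum {
    PRIV_NET_CONNECT = 1u << 0,
    PRIV_NET_LISTEN  = 1u << 1,
    PRIV_FORK        = 1u << 2,
    PRIV_EXEC        = 1u << 3,
};

/* Per-process state: a few bytes; a set bit means the operation is denied. */
struct proc {
    uint32_t restrict_mask;
};

/* Design 1: inline check, one load and one AND on the system call path. */
static inline bool priv_allowed(const struct proc *p, uint32_t op)
{
    return (p->restrict_mask & op) == 0;
}

/* Restrictions only accumulate: a process may give up rights, never regain them. */
static void priv_restrict(struct proc *p, uint32_t ops)
{
    p->restrict_mask |= ops;
}

/* A child starts with its parent's mask, so forking does not escape the limits. */
static void priv_inherit(struct proc *child, const struct proc *parent)
{
    child->restrict_mask = parent->restrict_mask;
}

/* Design 2: MAC-style entry point that consults every registered policy in
 * turn; the first non-zero result denies.  Each registered policy is a call
 * through a function pointer, which is where the extra cost comes from. */
typedef int (*mac_hook_fn)(const struct proc *p, uint32_t op, void *ctx);

struct mac_policy {
    const char *name;
    mac_hook_fn check;
    void *ctx;
    const struct mac_policy *next;
};

static int mac_check(const struct mac_policy *chain, const struct proc *p,
                     uint32_t op, unsigned *hooks_consulted)
{
    for (const struct mac_policy *m = chain; m != NULL; m = m->next) {
        (*hooks_consulted)++;
        int err = m->check(p, op, m->ctx);
        if (err != 0)
            return err;
    }
    return 0;
}

/* Hypothetical policy that reuses the bitmask as its decision (1 stands in for EPERM). */
static int mask_policy_hook(const struct proc *p, uint32_t op, void *ctx)
{
    (void)ctx;
    return priv_allowed(p, op) ? 0 : 1;
}

/* Hypothetical policy with no opinion on these operations. */
static int permissive_hook(const struct proc *p, uint32_t op, void *ctx)
{
    (void)p; (void)op; (void)ctx;
    return 0;
}

struct demo_result {
    bool inline_connect_allowed;
    bool inline_exec_allowed;
    int mac_connect_err;
    int mac_exec_err;
    unsigned mac_hooks_consulted;   /* total hook calls across both MAC checks */
};

/* Scenario: a parent drops its network rights, forks, and the child then
 * attempts a connect and an exec.  Both designs reach the same decisions;
 * the hook count shows how much more work the chain does to get there. */
static struct demo_result run_demo(void)
{
    struct demo_result r = { false, false, 0, 0, 0 };
    struct proc parent = { 0 }, child;

    priv_restrict(&parent, PRIV_NET_CONNECT | PRIV_NET_LISTEN);
    priv_inherit(&child, &parent);

    r.inline_connect_allowed = priv_allowed(&child, PRIV_NET_CONNECT);  /* denied */
    r.inline_exec_allowed    = priv_allowed(&child, PRIV_EXEC);         /* allowed */

    const struct mac_policy mask_pol = { "mask", mask_policy_hook, NULL, NULL };
    const struct mac_policy open_pol = { "permissive", permissive_hook, NULL, &mask_pol };

    r.mac_connect_err = mac_check(&open_pol, &child, PRIV_NET_CONNECT, &r.mac_hooks_consulted);
    r.mac_exec_err    = mac_check(&open_pol, &child, PRIV_EXEC, &r.mac_hooks_consulted);
    return r;
}

int main(void)
{
    struct demo_result r = run_demo();
    printf("inline: connect %s, exec %s\n",
           r.inline_connect_allowed ? "allowed" : "denied",
           r.inline_exec_allowed ? "allowed" : "denied");
    printf("mac: connect err %d, exec err %d, hooks consulted %u\n",
           r.mac_connect_err, r.mac_exec_err, r.mac_hooks_consulted);
    return 0;
}
```

The inline path touches one word of per-process memory per check and cannot be widened without recompiling, which matches the post's performance argument; the chain path pays a function call per registered policy on every check but lets policy be swapped without touching the call sites, which is the portability argument in the other direction.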