Downgrading labels
Ilmar S. Habibulin
ilmar at watson.org
Tue Mar 29 06:49:27 GMT 2005
On Sat, 26 Mar 2005, Jason Chambers wrote:
> You might be confused between BIBA and MLS, and how they might work
> together. It is not uncommon for a user to be capable of downgrading a
> MAC level, although if I remember correctly in some cases they cannot
> upgrade back up once dropping down... depending on what type of MAC
> your using ? I believe the acceptable upgrade\downgrade levels are
Not, i'm not confused between biba and mls models. I'm confused with
label
downgrading capability, that might be used in the following scenario:
1. user has right to downgrade label
2. user has right to develop custom software
So user can develop software, which might surve as information downgrade
buffer. It raises label, reads info, lowers label, writes info.
One can say -- do not allow users change labels. This is one of the
possible solutions. I see another one - why not to limit the way user can
change its label. Only up -- for mls policy and vs for biba. That's for
ordinary users, of cause.
> ========================
> Random links
> ========================
> www.sis.pitt.edu/~jjoshi/IS2935/Lecture4.ppt
> http://www.cse.scu.edu/~tschwarz/coen350/securityModel.html
> parsys.cs.uic.edu/~solworth/integratingMacDac.pdf
Thanks for the links, i'll check them later.
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list