* $ from aoat_private at "12-Apr:10:22am" | sed "1,$s/^/* /" * * * Hi! * * Please take this as a base list for things to be discussed. * * Personally, I do believe that a module interface will be insufficient for * RSBAC, SELinux and some other projects. * * Amon. * * ----------------------------- * * Already agreed (?) * ------------------ * * - Pure mechanism without implied policy * * - Kernel level interface * * - Optional user space interface: * - Hooks into kernel level interface * - Compile time flag: not included, module, compiled in * - Functionally as much as possible the same as kernel level interface Being a girlie user-land sort of person, "optional" doesn't quite cut it, applications must be able to determine if a given action is acceptable under a given policy without performing it. Applications need to make security decisions too. One of the things that I've been looking at in my oh so copious spare time, is that of Trusted X Windows. A typical MLS window system is easy, but I got to talking to Robert Watson (of Trusted BSD) and the NSA guys at a conference and it seems that the architecture should be extended to cover non-MLS policies. Loading the policies into X is a trivial matter of programming, coming up with APIs that can scale to the all the possible policies isn't. Then I got distracted by real work. richard. ----------------------------------------------------------------------- Richard Offer Technical Lead, Trust Technology. "Specialization is for insects" __________________________________________http://reality.sgi.com/offer/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:15:24 PDT