Huagang Xie wrote: > IMHO, ot only the original reference monitor use the concept of subject > and object in the system, but also the DTE which is being researched And > many current security project are also using the theory basis. That is exactly *not* what this project is about. What we're trying to do is design a module interface that is minimally sufficient to support a bunch of security modules. It is up to the individual module developers to design and implement good modules, figure out how they apply to applications in practice, etc. The question is: what hooks does each potential module need? Can we abstract these needs? Yesterday, someone commented that Chris's initial hack looked like it was over-specific to the Capabilities would-be module. We don't think it is, because it also happens to be sufficient for the SubDomain module. Janus and LIDS provide fairly similar functionality, so I wonder whether they could be made to work within a similar framework. Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Sat Apr 14 2001 - 09:07:51 PDT