On Sun, Oct 28, 2001 at 07:59:47PM -0500, jmjonesat_private wrote:
> For the peanut gallery, and because this concern seems to be outside LSM's
> defined concern of "access restriction" (which is a hazy and largish
> area),

Just for kicks, I wondered just how hazy 'access control' really is. Some notes:

Ross Anderson's _Security Engineering_ has several nice explanations:

page 51: "[Access control's] function is to control which principals (persons, processes, machines,...) have access to which resources in the system --- which files they can read, which programs they can execute, how they share data with other principals, and so on."

On pages 53 and 54, Anderson mentions using matrices to model and implement these restrictions, using "access triples of user, program, file", though he does mention that the programs aren't as important as protection domains.

Jonathan Shapiro: "Given a process _proc_ that wishes to perform an operation _op_ on an object _object_, the protection mechanism in an access list system is to test the following predicate: op in acl(object, principal(p))."
http://www.eros-os.org/essays/ACLSvCaps.html

Norm Hardy: "Access Control: a means for establishing the rights an authenticated party has to access and control a set of resources."
http://cap-lore.com/CapTheory/Glossary.html

The most formalised definition I know of is Butler Lampson's Access Control Matrices (hinted at in Anderson, but not by name):
http://citeseer.nj.nec.com/context/144834/0

Cheers! :)

--
The Bill of Rights: 7 out of 10 rights haven't been sold yet! Contact your congressman for details how *you* can buy one today!
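The definitions quoted in the message above can be put side by side in a small model. This is an added example, not part of the original post and not LSM code: it stores an access matrix, evaluates Shapiro's predicate with default deny, and reads the same matrix by column (ACL) and by row (capability list). The class, function, process ids and file names are constructed, and treating a principal as a (user, program) pair is an assumption taken from Anderson's triples.

```python
"""Access-matrix model; every name and sample value here is constructed."""
from collections import defaultdict


class AccessMatrix:
    def __init__(self):
        self._cell = defaultdict(set)  # (principal, object) -> allowed ops
        self._runs_as = {}             # process id -> principal

    def grant(self, principal, obj, *ops):
        self._cell[(principal, obj)].update(ops)

    def revoke(self, principal, obj, *ops):
        self._cell[(principal, obj)].difference_update(ops)

    def spawn(self, proc, principal):
        self._runs_as[proc] = principal

    def acl(self, obj, principal):
        # One matrix cell: the ops this principal holds on this object.
        return frozenset(self._cell.get((principal, obj), ()))

    def check(self, proc, op, obj):
        # Shapiro's predicate: op in acl(object, principal(proc)).
        # Default deny: a process with no known principal gets nothing.
        principal = self._runs_as.get(proc)
        return principal is not None and op in self.acl(obj, principal)

    def column(self, obj):
        # Column of the matrix = the object's access control list.
        return {p: set(ops) for (p, o), ops in self._cell.items()
                if o == obj and ops}

    def row(self, principal):
        # Row of the matrix = the principal's capability list.
        return {o: set(ops) for (p, o), ops in self._cell.items()
                if p == principal and ops}


def build_sample():
    # Constructed data. A principal is a (user, program) pair, so each
    # grant is one of Anderson's (user, program, file) triples.
    m = AccessMatrix()
    m.grant(("alice", "payroll"), "ledger.db", "read", "write")
    m.grant(("alice", "editor"), "ledger.db", "read")
    m.grant(("bob", "editor"), "notes.txt", "read", "write")
    m.spawn(101, ("alice", "payroll"))
    m.spawn(102, ("alice", "editor"))
    return m
```

In the sample, processes 101 and 102 belong to the same user but run different programs, so only 101 may write `ledger.db`.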
This archive was generated by hypermail 2b30 : Tue Oct 30 2001 - 10:57:41 PST