From: Amon Ott <ao@rsbac.org>
To: selinux@tycho.nsa.gov, rsbac@compuniverse.de
Subject: Re: Rule Set Based Access Control (RSBAC)
Date: Thu, 5 Apr 2001 08:00:33 +0200 [thread overview]
Message-ID: <01040509250501.00859@marvin> (raw)
In-Reply-To: <Pine.SOL.3.95.1010402145703.8569J-100000@clipper.gw.tislabs.com>
On Mon, 02 Apr 2001 Stephen Smalley wrote:
> 7) Most of the RSBAC policy modules are very hardwired in their
> policy logic, and can be easily expressed using the SELinux Type
> Enforcement (TE) configuration.
After rereading Section 'Overview' of your 'Security Policy Configuration'
paper, and remembering a similar claim at another place, which I had no way of
answering, I kindly ask for some explanation.
Without knowing your exact model details, I believe your claim 'can be easily
expressed using SELinux Type Enforcement' to be
- completely wrong for Privacy Model (PM), Malware Scan (MS), Role Compatibility
(RC) and Access Control Lists (ACL)
- doubtful for Mandatory Access Control (MAC), File Flags (FF) and
Authentication (AUTH)
- correct for the very simple models Functional Control (FC) and Security
Information Modification (SIM)
Since I regard all modules except FC and SIM as important models (or at least
modules), I hereby ask you to either
- prove your claim or
- officially take it back
for all these models.
Amon.
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2001-04-05 7:26 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-04-02 14:49 Rule Set Based Access Control (RSBAC) Hubertus Franke
2001-04-02 20:32 ` Stephen Smalley
2001-04-03 14:35 ` Amon Ott
2001-04-03 19:30 ` Stephen Smalley
2001-04-04 9:00 ` Amon Ott
2001-04-04 16:31 ` Stephen Smalley
2001-04-05 7:33 ` Amon Ott
2001-04-06 12:25 ` Stephen Smalley
2001-04-06 12:40 ` Amon Ott
2001-04-05 6:00 ` Amon Ott [this message]
2001-04-05 13:36 ` Stephen Smalley
2001-04-06 6:48 ` Amon Ott
2001-04-06 14:13 ` Stephen Smalley
2001-04-09 6:21 ` Amon Ott
-- strict thread matches above, loose matches on Subject: below --
2001-04-09 11:33 Simone Fischer-Hübner
[not found] <4.3.2.7.2.20010406102905.00d6cc80@mail.cs.kau.se>
2001-04-06 15:03 ` Stephen Smalley
[not found] ` <Pine.SOL.3.95.1010406103520.19297A-100000@clipper.gw.tisla bs.com>
2001-04-06 15:21 ` Simone Fischer-Hübner
[not found] <Pine.LNX.4.10.10104040817380.8824-100000@gargoyle.clark.net>
2001-04-04 14:44 ` Amon Ott
2001-04-06 12:06 ` Stephen Smalley
2001-04-02 4:44 Manoj Srivastava
2001-04-02 15:24 ` K Mitchell Russell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=01040509250501.00859@marvin \
--to=ao@rsbac.org \
--cc=rsbac@compuniverse.de \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.