From: "Lorenzo Hernández García-Hierro" <lorenzo@gnu.org>
To: Frank Mayer <mayerf@tresys.com>
Cc: NSA Selinux Mailinglist <selinux@tycho.nsa.gov>,
"'Juan Espino'" <jp_espino@hotmail.com>
Subject: RE: Bell & Lapadula Model
Date: Fri, 18 Feb 2005 00:25:26 +0100
Message-ID: <1108682726.4100.14.camel@localhost.localdomain>
In-Reply-To: <20050217222122.HGPG7908.mm-ismta4.bizmailsrvcs.net@FLM800>
On Thu, 17-02-2005 at 17:21 -0500, Frank Mayer wrote:
> > > SELinux enforces a Mandatory Access Control (MAC) Policy based on the Bell
> > > and LaPadula Model. I understand the read control property (no read
> > > up) and the write control (no write down), but in this model there is
> > > another property called the tranquility property. I don't know very well
> > > how SELinux enforces this property.
> >
> > SELinux includes an experimental MLS implementation based on BLP. This
> > feature is not currently enabled in Fedora.
> >
> > Thus, it may be better to discuss the MLS component on the NSA list:
> > http://www.nsa.gov/selinux/info/list.cfm?MenuID=41.1.1.9
>
> To be clear, SELinux as most people think about it implements type
> enforcement as its MAC, and *not* BLP (i.e., MLS) as you seem to assert. As
> James notes the current MLS feature is experimental though there is work to
> make it more integral for future release.
Concretely, SELinux augments the Type Enforcement model with the
addition of the standard Role-Based Access Control.
Instead of doing association between user and types, it lets RBAC
associate users with at least one role and associates at least one type
with each of those roles.
Permission checks and such are handled by TE; RBAC is more a
user-complaining and policy-enhancing "layer".
"Bell-LaPadula MAC model describes access by active entities, called
subjects, to passive entities, called objects. An entity can, depending
on type of access, be in both roles.
From the distinction between read and write access four modes of access
can be distinguished: neither read nor write (execute, e), read only
(read, r), write only (append, a) and read-write (write, w). The set of
all access types is named A."
(http://rsbac.org/documentation/models.php#mac)
The access control matrix is slightly different then :)
Your description is accurate for RSBAC, not for SELinux as I explained
above, among Frank's comments.
Cheers,
--
Lorenzo Hernández García-Hierro <lorenzo@gnu.org>
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
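To make the distinction drawn in this thread concrete, here is an added example (not part of the original message or of SELinux/RSBAC code): a toy Python model of the two styles, the BLP check using the four RSBAC access modes quoted above (e, r, a, w), and a TE check with an RBAC layer in which users hold roles and roles admit domain types. The levels, users, roles and the sample allow rules are constructed.

```python
# Added example, not from the thread: a toy model of the two access-control
# styles discussed above. Policy contents and levels are constructed.
from dataclasses import dataclass, field

# ---- Bell-LaPadula, with the four RSBAC access modes quoted above ----
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}

def blp_allows(subject_level: str, object_level: str, mode: str) -> bool:
    """Check the simple security property (no read up) and the
    *-property (no write down) for one access.
    mode: 'e' execute (neither read nor write), 'r' read only,
          'a' append (write only), 'w' read-write."""
    if mode not in ("e", "r", "a", "w"):
        raise ValueError(f"unknown access mode {mode!r}")
    s, o = LEVELS[subject_level], LEVELS[object_level]
    reads = mode in ("r", "w")
    writes = mode in ("a", "w")
    if reads and s < o:   # reading an object above the subject: read up
        return False
    if writes and s > o:  # writing an object below the subject: write down
        return False
    return True

# ---- Type Enforcement with an RBAC layer, as the message describes ----
@dataclass
class TEPolicy:
    user_roles: dict            # RBAC: user -> roles the user may hold
    role_types: dict            # RBAC: role -> domain types it may enter
    allow: set = field(default_factory=set)  # TE: (src_type, tgt_type, class, perm)

    def te_allows(self, user, role, domain, target, cls, perm) -> bool:
        # RBAC only constrains which domains a user may run in...
        if role not in self.user_roles.get(user, ()):
            return False
        if domain not in self.role_types.get(role, ()):
            return False
        # ...the permission check itself is on type pairs, not on levels.
        return (domain, target, cls, perm) in self.allow

# Constructed sample policy (names follow SELinux naming conventions).
POLICY = TEPolicy(
    user_roles={"alice": {"user_r"}, "bob": {"sysadm_r"}},
    role_types={"user_r": {"user_t"}, "sysadm_r": {"sysadm_t"}},
    allow={
        ("user_t", "user_home_t", "file", "read"),
        ("user_t", "user_home_t", "file", "write"),
        ("sysadm_t", "shadow_t", "file", "read"),
    },
)
```

Note that in the TE half a high-privilege domain gains nothing from "being higher": sysadm_t cannot read user_home_t because no allow rule says so, whereas in the BLP half a secret subject may always read an unclassified object.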