From: Paul Moore <paul.moore@hp.com>
To: "David P. Quigley" <dpquigl@tycho.nsa.gov>
Cc: Joy Latten <latten@austin.ibm.com>,
gcwilson@us.ibm.com, selinux@tycho.nsa.gov, serue@us.ibm.com,
tjaeger@cse.psu.edu
Subject: Re: [RFC 1/2] labeled ipsec internet drafts
Date: Thu, 28 Aug 2008 11:49:05 -0400 [thread overview]
Message-ID: <200808281149.05547.paul.moore@hp.com> (raw)
In-Reply-To: <1219874419.2627.116.camel@moss-terrapins.epoch.ncsc.mil>
On Wednesday 27 August 2008 6:00:19 pm David P. Quigley wrote:
> On Wed, 2008-08-27 at 17:56 -0400, Paul Moore wrote:
> > I would encourage us to stop thinking about specific DOI values
> > as "SELinux", "Smack", or whatever. There is no reason we can't
> > get the different labeled security implementation to work together
> > but if we continue to propagate the notion of implementation
> > specific DOIs then it becomes that much harder. I think we need to
> > think of DOIs as defining a mapping between an on-the-wire label
> > format to a semantic meaning; the actual format of the wire label
> > isn't important, the meaning of the label is what really counts.
> > Once we understand what a wire formatted label means we can
> > internalize it however we need to so that the implementation can do
> > the necessary access control.
>
> Once again agreed. The issue with this though is that this
> generalized on the wire label is a very difficult thing to come up
> with. Especially since you really want to express concepts such as
> this webserver can only serve public data. That is the kind of high
> level semantic you would want to specify and then have the endpoints
> decide what that means. For MLS this might translate into a category
> for SELinux this might translate into a specific type. This is by no
> means an easy problem.
I never said it would be easy, I just think it is something we should
strive for :)
> > Once again, think of how we handle the MLS-only CIPSO labels today;
> > it is a simplified example but it demonstrates the basic concept of
> > internalizing implementation agnostic security labels and the
> > interoperability benefits that result.
>
> You might have to explain this to me. The issue you raise in the
> paragraph above deals with talking in terms of mechanisms not
> necessarily implementations. The issue with CIPSO is that it is only
> one mechanism which allows them to define their labels in an
> implementation agnostic manner since everyone has agreed on the
> mechanism. This is a little harder when you're spanning mechanisms
> unless we use something similar to what I describe above.
The reason I brought up CIPSO was just to highlight how an
implementation agnostic on-the-wire security label could be
internalized by a specific security/MAC implementation so that useful
access control could be done. It is just one example, and a painfully
simple one at that, but it demonstrates the basic concept and showcases
some of the benefits (and pitfalls).
--
paul moore
linux @ hp
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2008-08-28 15:49 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-08-25 20:46 [RFC 1/2] labeled ipsec internet drafts Joy Latten
2008-08-25 21:42 ` David P. Quigley
2008-08-26 17:17 ` Joy Latten
2008-08-26 20:24 ` David P. Quigley
2008-08-27 16:17 ` Joy Latten
2008-08-27 16:49 ` David P. Quigley
2008-08-27 18:41 ` Joy Latten
2008-08-27 20:50 ` Paul Moore
2008-08-27 21:33 ` David P. Quigley
2008-08-27 22:56 ` Joy Latten
2008-08-28 16:08 ` Paul Moore
2008-08-27 23:27 ` Joy Latten
2008-08-28 15:44 ` Paul Moore
2008-08-27 21:21 ` David P. Quigley
2008-08-27 21:56 ` Paul Moore
2008-08-27 22:00 ` David P. Quigley
2008-08-28 15:49 ` Paul Moore [this message]
2008-08-28 0:22 ` Joy Latten
2008-08-28 1:30 ` Casey Schaufler
2008-08-28 15:58 ` Paul Moore
-- strict thread matches above, loose matches on Subject: below --
2008-07-25 17:51 Joy Latten
2008-07-26 16:34 ` Paul Moore
2008-07-26 16:34 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200808281149.05547.paul.moore@hp.com \
--to=paul.moore@hp.com \
--cc=dpquigl@tycho.nsa.gov \
--cc=gcwilson@us.ibm.com \
--cc=latten@austin.ibm.com \
--cc=selinux@tycho.nsa.gov \
--cc=serue@us.ibm.com \
--cc=tjaeger@cse.psu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.