Re: SELinux project

All of lore.kernel.org
 help / color / mirror / Atom feed

From: kamal <kamalnee@iitk.ac.in>
To: Trent Jaeger <jaegert@us.ibm.com>
Cc: SELinux@tycho.nsa.gov
Subject: Re: SELinux project
Date: Tue, 16 Sep 2003 02:38:10 +0530	[thread overview]
Message-ID: <3F662A3A.4010408@iitk.ac.in> (raw)
In-Reply-To: <OFF5A0ED70.9B405226-ON85256DA2.00673487-85256DA2.006B8345@us.ibm.com>

Thanks a lot for the suggestions!
Our interest related to integrity is slightly different. SELinux seems 
to take good care of the security of the system. But consider a military 
environment and think about actual users. A high ranking officer has got 
lots of documents from juniors and his boss, some of them possibly 
copied from their directories, and some sent through email. Now all the 
documents should not appear same to him, there should be an easy 
classification based on integrity and confidentiality of a document. He 
should not unknowingly be able to move information in a way that 
violates Biba and BLP constraints. We also want to see how digital 
signatures and encryption can be tightly and transparently integrated 
with this, e.g. in assigning integrity level to an incoming email 
attachment.
Another thing in our mind is decentralization of users' 
confidentiality/integrity levels. I mean putting this policy on some 
central server. After all, users don't belong to a computer, they belong 
to an organization. Decentralizing parts of general TE policy seems more 
difficult, levels seem easier to handle.
I wonder whether all this makes sense. Does it?

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

next prev parent reply	other threads:[~2003-09-15 21:08 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-09-13  9:45 SELinux project kamal
2003-09-15 12:42 ` Stephen Smalley
2003-09-15 16:07   ` Frank Mayer
2003-09-15 19:34   ` Trent Jaeger
2003-09-15 21:08     ` kamal [this message]
2003-09-15 21:31       ` Trent Jaeger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3F662A3A.4010408@iitk.ac.in \
    --to=kamalnee@iitk.ac.in \
    --cc=SELinux@tycho.nsa.gov \
    --cc=jaegert@us.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.