From: Paul Moore <paul.moore@hp.com>
To: Klaus Weidner <klaus@atsec.com>
Cc: redhat-lspp@redhat.com, linux-audit@redhat.com
Subject: Re: [redhat-lspp] labeled ipsec auditing
Date: Mon, 09 Oct 2006 15:15:09 -0400 [thread overview]
Message-ID: <452A9FBD.5060300@hp.com> (raw)
In-Reply-To: <20061009190949.GA28519@w-m-p.com>
Klaus Weidner wrote:
> On Thu, Oct 05, 2006 at 06:15:44PM -0400, Paul Moore wrote:
>
>>Hmm, good question. I'm looking at 5.2.4.4 of the LSPP doc and I see this
>>paragraph at the end (in part "d"):
>>
>>"An LSPP-conformant TOE must only use protocols to export data with security
>>attributes that provide unambiguous pairings of security attributes and the
>>information being exported. Further, the ST author must make it clear that the
>>mechanisms, or devices, used to export data with security attributes cannot be
>>used to export data without security attributes unless this change in state can
>>only be done manually and is audited. In addition, the security attributes must
>>be exported to the same mechanism or device as the information. Also, any change
>>in the security attributes settings of a device must be audited."
>>
>>The sentence that concerns me the most is the following: "Also, any change in
>>the security attributes settings of a device must be audited". I guess it boils
>>down if we consider a SA a "device" ...
>
>
> I don't think that there a need to treat all SAs as devices. The
> requirement is to have audit capability for all changes of device state
> that affect MLS import/export, for example establishing or deleting an SA
> with an associated MLS label, or modifying the MLS label of an SA (if
> that's supported). Any operations on SAs that do not involve an MLS label
> are out of scope for the "Export of Labeled User Data (FDP_ETC.2)" SFR
> whose application note you are quoting.
Going back to Joy's original mail I think it was the establishing or deleting of
an SA with SELinux context that we were concerned about (at least that is what I
was concerned about) as that could generate quite a bit of traffic. Based on
your comments above it looks like that is something we need to do.
--
paul moore
linux security @ hp
next prev parent reply other threads:[~2006-10-09 19:15 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-10-05 21:23 labeled ipsec auditing Joy Latten
2006-10-05 22:04 ` Steve Grubb
2006-10-05 22:15 ` [redhat-lspp] " Paul Moore
2006-10-09 19:09 ` Klaus Weidner
2006-10-09 19:15 ` Paul Moore [this message]
2006-10-09 19:30 ` Klaus Weidner
2006-10-10 23:25 ` Joy Latten
2006-10-11 0:00 ` Klaus Weidner
2006-10-11 13:38 ` Serge E. Hallyn
2006-10-11 18:07 ` [redhat-lspp] " Joy Latten
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=452A9FBD.5060300@hp.com \
--to=paul.moore@hp.com \
--cc=klaus@atsec.com \
--cc=linux-audit@redhat.com \
--cc=redhat-lspp@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.