From: Paul Moore <paul.moore@hp.com>
To: Klaus Weidner <klaus@atsec.com>
Cc: redhat-lspp@redhat.com, linux-audit@redhat.com
Subject: Re: [redhat-lspp] labeled ipsec auditing
Date: Mon, 09 Oct 2006 15:15:09 -0400 [thread overview]
Message-ID: <452A9FBD.5060300@hp.com> (raw)
In-Reply-To: <20061009190949.GA28519@w-m-p.com>
Klaus Weidner wrote:
> On Thu, Oct 05, 2006 at 06:15:44PM -0400, Paul Moore wrote:
>
>>Hmm, good question. I'm looking at 5.2.4.4 of the LSPP doc and I see this
>>paragraph at the end (in part "d"):
>>
>>"An LSPP-conformant TOE must only use protocols to export data with security
>>attributes that provide unambiguous pairings of security attributes and the
>>information being exported. Further, the ST author must make it clear that the
>>mechanisms, or devices, used to export data with security attributes cannot be
>>used to export data without security attributes unless this change in state can
>>only be done manually and is audited. In addition, the security attributes must
>>be exported to the same mechanism or device as the information. Also, any change
>>in the security attributes settings of a device must be audited."
>>
>>The sentence that concerns me the most is the following: "Also, any change in
>>the security attributes settings of a device must be audited". I guess it boils
>>down if we consider a SA a "device" ...
>
>
> I don't think that there a need to treat all SAs as devices. The
> requirement is to have audit capability for all changes of device state
> that affect MLS import/export, for example establishing or deleting an SA
> with an associated MLS label, or modifying the MLS label of an SA (if
> that's supported). Any operations on SAs that do not involve an MLS label
> are out of scope for the "Export of Labeled User Data (FDP_ETC.2)" SFR
> whose application note you are quoting.
Going back to Joy's original mail I think it was the establishing or deleting of
an SA with SELinux context that we were concerned about (at least that is what I
was concerned about) as that could generate quite a bit of traffic. Based on
your comments above it looks like that is something we need to do.
--
paul moore
linux security @ hp
next prev parent reply other threads:[~2006-10-09 19:15 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-10-05 21:23 labeled ipsec auditing Joy Latten
2006-10-05 22:04 ` Steve Grubb
2006-10-05 22:15 ` [redhat-lspp] " Paul Moore
2006-10-09 19:09 ` Klaus Weidner
2006-10-09 19:15 ` Paul Moore [this message]
2006-10-09 19:30 ` Klaus Weidner
2006-10-10 23:25 ` Joy Latten
2006-10-11 0:00 ` Klaus Weidner
2006-10-11 13:38 ` Serge E. Hallyn
2006-10-11 18:07 ` [redhat-lspp] " Joy Latten
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=452A9FBD.5060300@hp.com \
--to=paul.moore@hp.com \
--cc=klaus@atsec.com \
--cc=linux-audit@redhat.com \
--cc=redhat-lspp@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox