[Security_sig] draft DTL security doc
ereed at novell.com
Fri Dec 10 19:08:37 PST 2004
Quick assessment -
Typical functionality, lacks audit.
Local audit capability is a requirement for many environments that will
be built on the desktop. Maybe not laptops, nor even knowlege worker
workstations. But certainly teller apps, cash register apps, etc.
I recommend they seriously consider adding a local audit requirement, to
complete the suite of requirements.
They enumerate identification, authentication, discretionary
authorization. Add audit, and you have the top-level functional
requirements for CAPP, which is appropriate.
We can argue later about anti-virus or least-privilege application
containment policies...well, we'll get to that in time.
>>>Chris Wright <chrisw at osdl.org> 12/09/04 7:02 pm >>>
Here's the current draft of the DTL security doc. Please recall the
caveats Philip mentioned in the con call. Something like (my
paraphrase, if it's nonsense blame me):
Security was originally spread throughout the doco. Late in process,
decided to bite the bullet and pull the items out and coallate. A lot
of these items are not done for specific security arch perspective.
Early drafts well, input closes next week, so it's also the draft
going in. Not a final specification. Don't want people to think it's
a comprehensive doc or systems approach. We'll need to do that later
Linux Security Modules http://lsm.immunix.org
More information about the security_sig