[Security_sig] DCL security section early draft

Mary Edie Meredith maryedie at osdl.org
Wed Dec 15 10:18:05 PST 2004 

On Wed, 2004-12-15 at 09:29, Emily Ratliff wrote:
> Hi Mary,
> 
> Mary Edie Meredith <maryedie at osdl.org> wrote on 12/14/2004 10:36:39
> AM:
> > Would it be possible for you (or others on the list) to suggest
> actual
> > wording to replace areas you find are weak?  
> I will do so, but it will probably be the first of the year before I
> can devote the time to do so, sorry.
> 
> I was also hoping that there would be some discussion/answers to the
> following comments:
> 
> > > "Although that approach produced a good list of security features,
> it
> > > did not guarantee anything about security for a Linux in the Data
> > > Center."
> > > This implies that the new approach does guarantee something about
> the
> > > security of Linux in the Data Center but it was not clear to me
> what
> > > is guaranteed. I think this needs to be clarified.

As this write-up attempts to describe the approach that the SIG
recommended, we need the SIG members respond to this question.

> 
> And
> 
> > > Is there going to be another section that describes the existing
> > > implementations that map to each capability/requirement?

In other categories (besides Security) of the Capabilities document, we
typically refer to various specific open source projects or proprietary
solutions that fit any given capability.

However, in the case of security capabilities, I doubt that the
solutions are clear-cut.  We will likely need to describe several
approaches (whole "stacks" if you will) as optional solutions. To answer
your question, yes there will be an attempt to describe solutions in
some manner.  We didn't want to do that yet, since we need to get public
response about the assumptions before doing that hard work.

Does that answer your question?  Do we need to stress this more in the
document?
> 
> Emily
> 
> Emily Ratliff
> IBM Linux Technology Center, Security
> CISSP #51839
> 512-838-0409 (T/L 678-0409)
> emilyr at us.ibm.com
> 
> 
> > > 
> > > I think that the capabilities section on application confinement
> needs
> > > to be fleshed out a little with the continuum of possibilities
> along
> > > the lines of Ed's quick overview in last week's meeting. 
> > > 
> > > I'm not clear on how certificates increase the tamper resistance
> of
> > > audit logs. It is not critical to the description but I think that
> it
> > > should either be made a little more clear or just dropped as the
> rest
> > > of the description seems strong enough to stand by itself.
> > > 
> > > Emily
> > > 
> > > Emily Ratliff
> > > IBM Linux Technology Center, Security
> > > CISSP #51839
> > > 512-838-0409 (T/L 678-0409)
> > > emilyr at us.ibm.com
> > > 
> > > 
> > > 
> > >
> ______________________________________________________________________
> > > _______________________________________________
> > > security_sig mailing list
> > > security_sig at lists.osdl.org
> > > http://lists.osdl.org/mailman/listinfo/security_sig
> > -- 
> > Mary Edie Meredith 
> > maryedie at osdl.org
> > 503-906-1942
> > Open Source Development Labs
> > 
> 
> 
> ______________________________________________________________________
> _______________________________________________
> security_sig mailing list
> security_sig at lists.osdl.org
> http://lists.osdl.org/mailman/listinfo/security_sig
-- 
Mary Edie Meredith 
maryedie at osdl.org
503-906-1942
Open Source Development Labs

More information about the security_sig mailing list