[Security_sig] CGL....
Mary Edie Meredith
maryedie at osdl.org
Thu Oct 13 15:37:13 PDT 2005
OK, I've taken a look at the CGL security document at
http://groups.osdl.org/apps/group_public/download.php/1147/cgl31-security.pdf

Per our discussion today, as possible DCL capabilities, I've listed the
CGL list below.

However, there is nothing yet in the CGL doc that states
what maturity we currently face with these, so I assume
many do not represent gaps (e.g. SEC1.1 looks like
LSM to me). If you want a more detailed description,
please see the above URL, Section "5 Security
Requirements" beginning on page 6.

Please flag anything here that represents a concern and a
gap for DCL based on the DCL concerns I outlined in
September in this note:
http://lists.osdl.org/pipermail/security_sig/2005-September/000257.html

SEC.1 Access Control (those beyond mechanisms commonly supported
on POSIX/SUSv2/SUSv3 compliant systems).
  SEC.1.1 Dynamic Kernel Security Module Mechanism.
  SEC 1.2 Process Containment using File System Restrictions
  SEC 1.3 Process containment Using MAC-based mechanism
    SEC 1.3.1 MAC-based Policy Administration Tools
  SEC 1.4 Buffer Overflow Protection
  SEC 1.5 Access Control List Support for File Systems
SEC 2 Authentication
  SEC 2.1 Generic Authentication Modules
  SEC 2.2 Password Integrity Checking
SEC 3 Auditing
  SEC 3.1 Log integrity and Origin Authentication
  SEC 3.2. Secure Transport of Log Information
  SEC 3.3 Periodic Automated Log Analysis
  SEC 3.4 Real-Time Automated Log Analysis
SEC 4 Network Confidentiality and Integrity
  SEC 4.1 IPsec for IPv4 and IPv6
  SEC 4.2 Support for IKE for IPv4 and IPv6
  SEC 4.3 PF_Key Support
SEC 5.0 File Integrity checking
SEC 6 PKI and SSL/TLS Support
  SEC 6.1 PKI Support for Applications
  SEC 6.2 SSL/TLS Support for Applications
  SEC 6.3 PKI Certificate Authority (CA)
SEC 7 Resource Management
  SEC 7.1 Memory Limits
  SEC 7.2 File System Quotas
  SEC 7.3 Process Quotas
  SEC 7.4 Execution Quotas
SEC 8 Trusted Platform Module (TPM) support.

--
Mary Edie Meredith
Initiative Manager
Open Source Development Labs
maryedie at osdl.org
503-906-1942