[Security_sig] Re: DCL Capabilities section - highest level outlinereview

Karl MacMillan kmacmillan at tresys.com
Thu Sep 1 11:55:20 PDT 2005


> -----Original Message-----
> From: security_sig-bounces at lists.osdl.org [mailto:security_sig-
> bounces at lists.osdl.org] On Behalf Of Chris Wright
> Sent: Thursday, September 01, 2005 2:42 PM
> To: Mary Edie Meredith
> Cc: Security SIG
> Subject: [Security_sig] Re: DCL Capabilities section - highest level
> outlinereview
> 
> * Mary Edie Meredith (maryedie at osdl.org) wrote:
> >  1 Introduction
> >  2 Security Objectives
> >  	2.1 Server Usage Profiles
> >  	2.2 Organizational Security
> >  	2.3 Environmental Assumptions
> 
> 
> >  	2.4 Security Objectives
> >  	2.5 Environmental Assumptions
> 
> 2.3 and 2.5 are the same
> 
> >  3 Security Capabilities
> >  	3.1 Identification and Authentication
> >  	3.2 Access Controls (Discretionary)
> >  	3.3 Audit, Accounting and Accountability
> >  	3.4 Mandatory Access Controls
> 
> Is it necessary to split DAC and MAC?  Could it be:
> 
> 3.2 Access Controls
> 	3.2.1 DAC (traditional UNIX, ACL's, etc...)
> 	3.2.2 MAC (typically lsm enforced)
> 
> >  	3.5 Integrity Protections & Least Privilege
> 
> For integrity do we bring up MLS (I ask because this may point back
> at MAC)? 

MLS is only for confidentiality and not integrity. Do you mean Biba or Type
Enforcement?

Karl

------
Karl MacMillan
Tresys Technology
http://www.tresys.com

> For least privilege do we discuss administrative roles as
> mentioned from NFS folks (I ask because this may point back at MAC)?
> 
> > 	3.6 Availability and Continuity of Operations
> 
> Is that meant to dicuss DoS mitigation?
> 
> >  	3.7 Cryptography
> >  	3.8 Trusted Services
> 
> To scope the "trusted base"?
> 
> > 	3.9 Documentation
> >  	3.10 Installation & Delivery
> 
> These last two are not likely to generate technical capability gaps,
> rather distro issues.  They're important, but lower priority IMO.
> 
> >  4 Security Roadmap






More information about the security_sig mailing list