On Wed, 2007-06-13 at 09:10 -0400, Stephen Smalley wrote:
> On Tue, 2007-06-12 at 15:42 -0600, Forrest Taylor wrote:
> > I am teaching class this week and I had an interesting question from a
> > student. We were discussing sensitivities and categories, and a student
> > wondered about the hierarchical nature of sensitivities and categories.
> > Assuming that s0 is unclassified, s1 is classified, s2 is secret and s3
> > is top secret, and s0<s1<s2<s3. If I have access to s3, I assume that
> > you also have access to s2, s1, s0. Is there a way to throw categories
> > in here so that users who have access to s3 do not necessarily have
> > access to all of s2 and lower?
>
> The dominance function is based on both the sensitivities and the
> category sets. A dominates B iff A's sensitivity >= B's sensitivity and
> A's category set is a superset of B's category set. The possible
> relationships are dominates, dominated by, equivalent, or incomparable.
>
> Under BLP/MLS, A can only read from B if A dominates B, and A can only
> write to B if A is dominated by B. Many MLS systems further limit A to
> only allow writing to B if A is equivalent to B, even though that isn't
> strictly required for BLP. To violate those properties (no read up, no
> write down), A has to be in a TE domain that is marked with one of the
> type attributes used as exceptions in the MLS constraints.

Excellent. I had only seen sensitivities in hierarchy, so it is good to know
that categories can also be included.

Thanks,
Forrest
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
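The dominance function and the BLP read/write rules described in the thread, worked through as an added example (this is not code from the thread or from the SELinux project). It assumes the SELinux-style level notation "s3:c0.c2,c5" (sensitivity, then categories, with "cA.cB" meaning an inclusive range); the function names are hypothetical. It answers the student's question: a subject at s3 with no categories is incomparable to s2:c1 and therefore cannot read it.

```python
"""MLS dominance and BLP read/write checks over SELinux-style levels (added example)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Level:
    sensitivity: int        # numeric part of s0, s1, s2, ...
    categories: frozenset   # category numbers (c0, c1, ...), empty if none


def parse_level(text: str) -> Level:
    """Parse 's2', 's1:c3' or 's3:c0.c2,c5'; 'cA.cB' expands to the range A..B."""
    sens, _, cats = text.partition(":")
    m = re.fullmatch(r"s(\d+)", sens)
    if not m:
        raise ValueError(f"bad sensitivity: {sens!r}")
    catset = set()
    for piece in filter(None, cats.split(",")):
        r = re.fullmatch(r"c(\d+)(?:\.c(\d+))?", piece)
        if not r:
            raise ValueError(f"bad category: {piece!r}")
        lo = int(r.group(1))
        hi = int(r.group(2)) if r.group(2) else lo
        if hi < lo:
            raise ValueError(f"bad category range: {piece!r}")
        catset.update(range(lo, hi + 1))
    return Level(int(m.group(1)), frozenset(catset))


def dominates(a: Level, b: Level) -> bool:
    """A dominates B iff sens(A) >= sens(B) and cats(A) is a superset of cats(B)."""
    return a.sensitivity >= b.sensitivity and a.categories >= b.categories


def relation(a: Level, b: Level) -> str:
    """One of the four relationships named in the thread."""
    down, up = dominates(a, b), dominates(b, a)
    if down and up:
        return "equivalent"
    return "dominates" if down else ("dominated by" if up else "incomparable")


def can_read(subject: Level, obj: Level) -> bool:
    """No read up: the subject must dominate the object."""
    return dominates(subject, obj)


def can_write(subject: Level, obj: Level, strict: bool = True) -> bool:
    """No write down: object dominates subject; strict=True requires equivalence,
    the tighter rule many MLS systems apply (as the thread notes)."""
    return relation(subject, obj) == "equivalent" if strict else dominates(obj, subject)
```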