Re: Not quite MLS.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Glenn is right that the Mitre LEF can only work on a per-system rather than a per-user basis for disallowing certain classification and compartment/category constraints. The only MLS system that I know of that did what you are asking for is the old Addamax B1st system. That MLS system had user clearances as a set of labels and label ranges that allowed a specific user clearance to be something like: 

{ unc - ts:1,2,3; unc:4 - sec:4 ; con:5 }
which would allow the user to be cleared from unc to ts in categories 1, 2, and 3 but have only a unc to sec clearance in category 4 and only con for category 5.
Strictly speaking, a system can be "fully MLS" regardless of the clearance functionality. Some MLS systems have been built (and bought) without any notion of a user clearance at all, particularly some MLS systems built to the first generation of TCSEC requirements. 

paul

Glenn Faden wrote:

rob myers wrote:


I believe the difference between SELinux with MLS policy and what I am
trying to build is that I want higher sensitivity levels to dominate
lower sensitivity levels only on a per category basis.

For example, it is my understanding that under MLS UserB must have
sensitivity level 3 access to category 3 because UserB has access to
sensitivity level 3 access to other categories.  Another possibility
under MLS would be to remove UserB's access to category 3 for all
sensitivities.  Neither of these is what I want the system to do.
For MLS systems based on the Mitre/DIA label encodings format it is possible to exclude specific categories on a per sensitivity label basis from the User Accreditation Range. For an example, see:
So it is possible to specify a User Accreditation Range conforming to either the UserA or UserB matrix. However, the format only provides for a single User Accreditiation Range that would apply to all users. In MLS systems I'm familiar with, there is no facility to exclude categories from the kernel dominance checks. 

--Glenn

begin:vcard
fn:Paul McNabb
n:McNabb;Paul
org:Argus Systems Group
adr:;;1809 Woodfield Drive;Savoy;IL;61874-9505;USA
email;internet:mcnabb@xxxxxxxxxxxxxxxxx
title:Chief Security Architect
tel;work:+1 217-355-6308
tel;fax:+1 217-355-1433
tel;cell:+1 217-493-3818
url:http://www.argus-systems.com
version:2.1
end:vcard
[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux