On Wed, 23 Dec 1998, Michael P. Lyle wrote:
> > The effort has to do with compartmentalizing access. The point being
> > made above, and it's not true of general purpose OS' is that you have to
> > use the right access path, authentication mechanism, and be on the right
> > account to do _x_ for any value of x. The extrapolation of that point is
> > that you can have a Web developer write a CGI that calls /bin/sh, but
> > have it be completely useless as a CGI. You can't get around the
> > restrictions with shell code, bad programmers, or evil products.
>
> Yes.. I've seen wonderful things done-- unfortunate that so little of them
> apply to the general populace.

That's only because (a) administratively describing and implementing
security policies for systems with strong trust models is difficult and
(b) Most places interested in security aren't interested in spending
*time* to do security as much as they are in spending money.

MLS systems apply quite well to Web servers, DNS servers, mail systems,
even file servers, *especially* when you want to ensure that an
administrator doesn't have a MAC for reading the data. I can think of a
few hundred places where that would be truly useful, I don't think it's a
case of applicability, more one of ease-of-administration and attitude
towards real INFOSEC in the general computing community.

> MLS serves a different purpose than a firewall- you can regulate the

More MLS firewalls at a different point with different granularity than a
different purpose I'd say.

> data flows within a machine, so you can in essence have multiple trust
> levels ("labels") on the same box. The downside is that it
> inconveniences your user base a bit.

I'm not sure it inconveniences your user base unless you have users
running at multiple levels (then it's a pain to switch levels), it certainly
inconveniences your administrators though. Of course, with the right
trusted path stuff even simple MAC based compartments can really enhance
the security of a system that has to serve Internet users and/or
"extranet" services.

As far as costs go, fun to play with, not "done", still interesting and
totally free is a Linux-based system with multiple privacy/security modules:
http://agn-www.informatik.uni-hamburg.de/people/1ott/rsbac
If RSBAC matures and is useful enough to enhance security, then maybe we
*will* see such things becoming generally useful and generally used.
After all, if you can eventually build truly secure Web, News, mail and
name servers without worrying about code exploits in the servers
compromising anything beyond the specific service that's a considerable
amount further down the path than places generally are.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280