Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...
|
MLS permission map: msg#00267
|
Subject: |
MLS permission map |
I've been working through the new MLS implementation (a nice improvement by
the way). I see how the old method of mapping permissions to read or write
is changed and instead these ideas are implemented in the constraints
definitions. I like that too since a policy writer can tweak their notion of
reads and writes (which given the volume of covert channels that will be
present, will allow one to change how strict they want to be).
My question is: although the mapping is not explicit, it is still there. In
the current sample policy, has someone captured the justification for which
permissions are restricted and which are not? Which are being treated as
reads, writes, both or neither? Ultimately for any certifiable security
policy we'll need to justify this mapping. I specially ask both to see if
the model we have built into apol's permmap is consistent with the MLS
mappings, as well as for the reference policy work we're doing that Karl
mentioned earlier. Thanks Frank
|
| |
