
Re: Auditing File Changes



The original idea was to prevent the user from opening the file in any text or hex editor and changing the file or the file's allowed operations, which would be stored in the file itself. However, if we can capture the open call we may not need the encryption after all. All of this is just a proof of concept. It will need to be refined much more before we do the actual implementation, which is why I'm here to get these comments and ideas from the community. :) We do not want to reinvent the wheel, but the permissions need to go beyond the basic read-write-exec since engineers will need to modify the source code files but we may not want them to copy them to a USB drive or email them, and we want the permissions to be in place across platforms.

selinux can do this using policy (MLS policy specifically) and of course auditing. The idea is that you can label a file to be Secret. To access this file the user must be at Secret. When at Secret they can only write at Secret, so even if they change permissions or copy the data, it will still be at Secret and only users allowed Secret access can see these files. You can then define at what level a USB device is mounted, or what level the email system runs at, so that Secret data cannot be written to the device or sent through email. This is a greatly simplified explanation of MLS and more detail is probably outside the scope of the audit list. You might try looking at the lspp-redhat list <http://www.redhat.com/mailman/listinfo/redhat-lspp>, or the Fedora MLS wiki <http://www.fedoraproject.org/wiki/SELinux/FedoraMLSHowto>.

The above is of course specific to MLS systems (selinux, Trusted Solaris, HP-UX 10.26 and several others), so it isn't really cross platform in the way you probably want. Still, it might give you a place to start so you don't reinvent the wheel.


You'd have to modify OpenOffice to decrypt and re-encrypt documents, right?

The idea was that we would capture the writes and the data and then encrypt it ourselves so OO would not need to care.

In an MLS system OO should not care either.


Evan
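To make the MLS behaviour Evan describes concrete, the following is an added toy model, not code from the thread, from SELinux or from any MLS product. It assumes a simple ordered set of level names (Unclassified through TopSecret), a "no read up" rule for reads and, following the message's wording, writes only at the subject's own level. The file name, user names and device labels are constructed. The point it shows is the one made above: a Secret session can edit the file and copy it, but every copy is created at Secret, and a USB mount or mail system labelled Unclassified rejects the write regardless of what the file's ordinary permission bits say.

```python
"""Toy Bell-LaPadula-style model of the MLS rule described in the message.

Constructed example: level names, users, file and device labels are all
made up. A subject at level L may read objects at or below L (no read up)
and may write only objects labelled exactly L, so anything the subject
writes carries its own level. Devices (a USB mount, the mail system) are
simply objects with their own labels.
"""
from dataclasses import dataclass
from typing import Callable, Dict

# Ordered from least to most sensitive; the list index is the dominance rank.
LEVELS = ["Unclassified", "Confidential", "Secret", "TopSecret"]


def rank(level: str) -> int:
    """Dominance rank of a level; unknown labels raise ValueError."""
    return LEVELS.index(level)


@dataclass
class LabeledObject:
    name: str
    level: str          # MLS label; independent of DAC permission bits
    data: str = ""
    mode: int = 0o640   # DAC bits, shown only to make the point that they do not matter here


@dataclass
class Subject:
    user: str
    level: str          # level of the current session


class Denied(Exception):
    """Raised when the MLS policy refuses an access."""


def can_read(s: Subject, o: LabeledObject) -> bool:
    """Simple security property: a subject may read at or below its level."""
    return rank(s.level) >= rank(o.level)


def can_write(s: Subject, o: LabeledObject) -> bool:
    """Writes are permitted only at the subject's own level (as stated in the thread)."""
    return rank(s.level) == rank(o.level)


def read(s: Subject, o: LabeledObject) -> str:
    if not can_read(s, o):
        raise Denied(f"{s.user}@{s.level} may not read {o.name}@{o.level}")
    return o.data


def write(s: Subject, o: LabeledObject, data: str) -> None:
    if not can_write(s, o):
        raise Denied(f"{s.user}@{s.level} may not write {o.name}@{o.level}")
    o.data = data


def copy_to_new_file(s: Subject, src: LabeledObject, name: str) -> LabeledObject:
    """A copy is a read followed by a write to a new object created at the subject's level."""
    data = read(s, src)
    dst = LabeledObject(name, s.level)
    write(s, dst, data)
    return dst


def copy_to_device(s: Subject, src: LabeledObject, device: LabeledObject) -> None:
    """Writing to a mount point or mail spool is a write to that object's label."""
    write(s, device, read(s, src))


def attempt(action: Callable[[], object]) -> str:
    """Run an access and report 'allowed' or 'denied' instead of raising."""
    try:
        action()
        return "allowed"
    except Denied:
        return "denied"


def demo() -> Dict[str, str]:
    """Walk through the scenario from the thread and return the outcomes."""
    secret_file = LabeledObject("design.c", "Secret", "int main(void){}")
    usb = LabeledObject("/media/usb", "Unclassified")      # USB mounted at Unclassified
    mail = LabeledObject("smtp-outbound", "Unclassified")  # mail system running at Unclassified
    engineer = Subject("alice", "Secret")
    outsider = Subject("bob", "Unclassified")

    results: Dict[str, str] = {}
    # The engineer may edit the Secret source file from a Secret session.
    write(engineer, secret_file, "int main(void){return 0;}")
    results["edit"] = secret_file.data
    # Loosening DAC bits changes nothing about the label-based decisions.
    secret_file.mode = 0o666
    # A copy made at Secret is itself Secret.
    results["copy_level"] = copy_to_new_file(engineer, secret_file, "design.bak").level
    # Moving Secret data to Unclassified destinations is refused.
    results["usb"] = attempt(lambda: copy_to_device(engineer, secret_file, usb))
    results["mail"] = attempt(lambda: copy_to_device(engineer, secret_file, mail))
    # A user without Secret access cannot read the file even with mode 0666.
    results["outsider_read"] = attempt(lambda: read(outsider, secret_file))
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check:14s} {outcome}")
```

The model deliberately uses the strict "write only at your own level" rule from the message rather than the classic Bell-LaPadula "no write down" rule, which would also let a Secret session write to higher-labelled objects; real MLS policies add further exceptions, which is exactly why the thread points at the dedicated lists and wiki for detail.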

