[redhat-lspp] Number of level & compartments

Roe, William H. William.Roe at gd-ais.com
Mon Sep 19 21:28:58 UTC 2005



Currently, one of our deployed/accredited PL4 systems maps over 170 compartments with 8000+ valid label permutations.  Just food for thought.

I hope this helps aim the arrow a little closer to center.

William Roe, CISSP, M.S. IA
General Dynamics AIS
Intelligence Mission Solutions
Technical Engineering Matrix Manager
Sr. Lead Software Engineer
410/859-2076 office
443/220-8910 blackberry
william.roe at gd-ais.com
 
 



-----Original Message-----
From: redhat-lspp-bounces at redhat.com [mailto:redhat-lspp-bounces at redhat.com] On Behalf Of schaufler-ca.com - Casey Schaufler
Sent: Monday, September 19, 2005 5:04 PM
To: sgrubb at redhat.com
Cc: redhat-lspp at redhat.com
Subject: Re: [redhat-lspp] Number of level & compartments


Steve Grubb <sgrubb at redhat.com> wrote:
>
> Hello
>
>
> According to the LSPP specs we need to allow 16 levels and at least 
> 64 compartments (Section 5.2.6.7.c). I think the number of levels is 
> OK, but I think we need the ability to have 256 compartments as a 
> baseline. Can we do this?

In the real world MLS systems use either 0 compartments (strictly hierarchical), two or three compartments (a shared system), or a whole lot of compartments (one per "project"). Neither 64 nor 256 are interesting values for the number of compartments. If you care about the "compartment per project" user you need thousands of compartments. This has been done (Trusted Irix) but requires more sophisticated labels than the bitmaps used in UNICOS and Trusted Solaris.  I don't know how y'all are planning to represent labels, hence I can't say what issues you'll encounter.


------------------------
Casey Schaufler
casey at schaufler-ca.com
650.906.1780
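
The trade-off raised above between bitmap labels and labels that scale to thousands of compartments, as an added example that is not part of the original thread and not any product's actual label format. The sparse layout (a strictly ascending array of compartment ids), the struct and function names, and the sample labels are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Bitmap label: one bit per compartment, so a hard ceiling of 64 here. */
struct bitmap_label { uint8_t level; uint64_t cats; };
/* Sparse label (assumed layout): strictly ascending ids, no fixed ceiling. */
struct sparse_label { uint8_t level; size_t ncats; const uint32_t *cats; };

/* a dominates b iff level(a) >= level(b) and cats(b) is a subset of cats(a). */
int bitmap_dominates(const struct bitmap_label *a, const struct bitmap_label *b)
{
    return a->level >= b->level && (b->cats & ~a->cats) == 0;
}

/* Reject unsorted or duplicate ids so the merge walk below stays sound. */
int sparse_valid(const struct sparse_label *l)
{
    for (size_t i = 1; i < l->ncats; i++)
        if (l->cats[i - 1] >= l->cats[i])
            return 0;
    return 1;
}

int sparse_dominates(const struct sparse_label *a, const struct sparse_label *b)
{
    size_t i = 0, j = 0;
    if (!sparse_valid(a) || !sparse_valid(b) || a->level < b->level)
        return 0;                /* fail closed on malformed labels */
    for (; j < b->ncats; i++, j++) {
        while (i < a->ncats && a->cats[i] < b->cats[j])
            i++;
        if (i == a->ncats || a->cats[i] != b->cats[j])
            return 0;            /* b holds a compartment a lacks */
    }
    return 1;
}

/* Constructed sample labels; levels and compartment ids are arbitrary. */
static const uint32_t c_subj[] = { 3, 170, 4000 }, c_obj[] = { 170, 4000 },
                      c_other[] = { 170, 4001 }, c_bad[] = { 4000, 170 };
static const struct sparse_label subj = { 2, 3, c_subj }, obj = { 1, 2, c_obj },
    other = { 1, 2, c_other }, unsorted = { 1, 2, c_bad };
static const struct bitmap_label bm_subj = { 2, 0x5 }, bm_obj = { 1, 0x4 };
int main(void)
{
    printf("bitmap %d\n", bitmap_dominates(&bm_subj, &bm_obj));
    printf("sparse %d %d %d\n", sparse_dominates(&subj, &obj),
           sparse_dominates(&subj, &other), sparse_dominates(&subj, &unsorted));
    return 0;
}
```

The bitmap check is a single mask operation but cannot name compartment 170 at all, while the sparse check costs a walk proportional to the number of compartments in the two labels and has to validate ordering before it can be trusted.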



