Xen 		  
Home About Xen.org Xen Xen Summit Wiki Mailing List Bug Tracker Xen Downloads
 
   
 

xense-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [Xense-devel][RFC][PATCH][0/4] Xen Security Modules: Int

from [Robert Watson] [Permanent Link][Original]
To: Chris Wright <chrisw@xxxxxxxxxxxx>
Subject: Re: [Xen-devel] [Xense-devel][RFC][PATCH][0/4] Xen Security Modules: Intro
From: Robert Watson <robert@xxxxxxxxxxxxxxxxx>
Date: Fri, 1 Sep 2006 19:20:11 +0100 (BST)
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, xense-devel@xxxxxxxxxxxxxxxxxxx, Jun Koi <junkoi2004@xxxxxxxxx>
Delivery-date: Fri, 01 Sep 2006 11:20:28 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <20060901175832.GB21066@xxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xense-devel-request@lists.xensource.com?subject=help>
List-id: "A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com>
List-post: <mailto:xense-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=unsubscribe>
References: <1157129851.22006.187.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <fdaac4d50609011036j116cc28cv9a39476702b23585@xxxxxxxxxxxxxx> <20060901175832.GB21066@xxxxxxxxxxxxxxxxxxxx>
Sender: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx 

On Fri, 1 Sep 2006, Chris Wright wrote:
- LSM has a problem of not supporting stacking module, and that is really paint in the arse. How about XSM? Do you try to fix that problem?
I don't see anything in XSM that changes that limitation to LSM. In fact, it appears to not even support the very weak stacking via chaining mechanism (which is a good plan in this case). And it's questionable at best. Arbitrary security policies simply do not compose.
I'm not entirely convinced that the theoretically hard problem of arbitrary policy composition is that much of a problem in practice. A number of systems (RSBAC on Linux, kauth(9) on Mac OS X, the MAC Framework on FreeBSD and Mac OS X, and the fixed compositions of MAC policies in many trusted systems) have illustrated that you can do a lot of useful things using a fixed composition that is effectively a logical and of granted rights. That isn't the same as stacking, of course, since the composition happens in the containing framework, rather than in the policies. Obviously, there are limitations to this approach, but for many things, it works quite well in quite a few deployed real-world systems with moderately diverse policies. 

Robert N M Watson
Computer Laboratory
University of Cambridge

_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] [Xense-devel][RFC][PATCH][0/4] Xen Security Modules: Intro, Chris Wright
Next by Date:  Re: [Xen-devel] [Xense-devel][RFC][PATCH][0/4] Xen Security Modules: Intro, George S. Coker, II
Previous by Thread:  Re: [Xen-devel] [Xense-devel][RFC][PATCH][0/4] Xen Security Modules: Intro, Chris Wright
Next by Thread:  Re: [Xen-devel] [Xense-devel][RFC][PATCH][0/4] Xen Security Modules: Intro, Chris Wright
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , XenSource, Inc. All rights reserved. Note: the xen.org trademark policy
is changing. For information please email legalxen.org, Legal and Privacy