Unix security additions
Marcus J. Ranum
mjr at hussar.dco.dec.com
Wed Mar 20 00:50:12 AEST 1991
jfh at rpp386.cactus.org (John F Haugh II) writes:
>>Presumably one cannot TYPE in a non-secure window either? Can't have that
>>"sensitive" guv`mint data typed by hand, either, can we?
Well, the idea here is that if I open up a TS document in one
window, and a UC document in another, and just manually transcribe the
one to the other, I've broken the law in a manner that is outside of
the scope of the software. (I mean, I could just use my photographic
memory, and go sing the data at a local bar, too) - however, the system
will help the security officers prosecute me, when they point out that
I had both TS and UC documents open at once, and the logs show that the
one I spilled to the [favorite "enemy" here] was one of them.
>At some point in time you ultimately have to trust the people who you
>have given access to this data to. This is why it is permissible to
>type from a higher level window to a lower level window - simply because
>desk blotters and note pads lack MAC labels. As for why you can't have
>cut and paste between windows, hell, seems like a completely arbitrary
>restriction to me - provided the invoker has the authority to downgrade
>information, that is.
The idea of "downgrade" is that when you downgrade information,
the fact gets logged someplace, and remembered. Thus, downgrading a
document is entirely different from cutting a hunk of TS data from
one window and pasting it into an unclassified window. I believe that
my employer's CMW product actually allows cut & paste, but upgrades the
sensitivity of the pasted-into document to that of the cut-from, if
the cut-from is higher.

As someone explained it to me, the goal is somewhat to limit the
effective *bandwidth* at which you can steal stuff. If I could somehow
do a software-to-software "theft" of sensitive information, my chances
of being able to grab a LOT are higher than if I diligently copy to
postit notes which I sneak out of the building secreted in my anus. (I
have not ever tried this, mind you).

The part I really love about all this (haven't experienced it
directly) is that with MAC stuff in your system, there's a degree of
"creeping classification" - which is to say that over time the system
will become more and more "secret" as data is touched, and eventually
it will tend towards being entirely at whatever the highest security
level was.

It's all spook stuff, and it's government spook stuff at that,
so don't expect it to make any sense, and then you'll understand.

mjr.
--
The world is just backing store for virtual reality games.