[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [Xense-devel][RFC][PATCH][0/4] Xen Security Modules: Intro



* Robert Watson (robert@xxxxxxxxxxxxxxxxx) wrote:
> On Fri, 1 Sep 2006, Chris Wright wrote:
> >I don't see anything in XSM that changes that limitation to LSM.  In fact, 
> >it appears to not even support the very weak stacking via chaining 
> >mechanism (which is a good plan in this case).  And it's questionable at 
> >best. Arbitrary security policies simply do not compose.
> 
> I'm not entirely convinced that the theoretically hard problem of arbitrary 
> policy composition is that much of a problem in practice.  A number of 
> systems (RSBAC on Linux, kauth(9) on Mac OS X, the MAC Framework on FreeBSD 
> and Mac OS X, and the fixed compositions of MAC policies in many trusted 
> systems) have illustrated that you can do a lot of useful things using a 
> fixed composition that is effectively a logical and of granted rights.  
> That isn't the same as stacking, of course, since the composition happens 
> in the containing framework, rather than in the policies.  Obviously, there 
> are limitations to this approach, but for many things, it works quite well 
> in quite a few deployed real-world systems with moderately diverse policies.

No argument that it's possible to create useful compositions, especially with
framework imposed limitations like you mentioned.  But the flask policy model
is not the kind that I'd like to see composed with random other security models.

thanks,
-chris

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.