MAC and DAC and the combination

Subject: MAC and DAC and the combination
From: "YOKOTA HIROFUMI" <yokota-hirofumi@jqa.jp>
Date: Thu, 8 Feb 2007 10:43:02 +0900
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="iso-8859-1"
References: <4545B782.14929.60B3DC@faigin.aero.org> <000b01c749ac$b6a7a0b0$6858a8c0@yokota>



Hi,

What is MAC? and What is DAC?
I suppose, new generations and IT security beginners are having fewer
chances to learn those terms in-depth.
And, I would say, it is very hard to read those terms, especially when they
are used in combination as follows.

--------------------------
PD-011 Attribute Inheritance/Modification Rules Need To Be Included In
Policy
The "Issue" says:
For example, one cannot use FMT_MSA to specify a rule that a Mandatory
Access Control SFP must be satisfied in order to set security attributes
controlled under a Discretionary Access Control policy. So how can this be
done?
--------------------------

Before to know how this can be done using the cc specifications, we need to
know the meaning of this MAC/DAC combination.
Namely, the meaning of the rule: that a Mandatory Access Control SFP must be
satisfied in order to set security attributes controlled under a
Discretionary Access Control policy.

Could such a rule and a situation flush into your imagination?
Could someone illustrate this, using the CC terms: i.e., subject, object,
information flow, rules, access control list, attributes, pass/deny, etc ?

Thanks advanced for your help.

Best regards,
 Hirofumi Yokota

Follow-Ups:
- RE: MAC and DAC and the combination
  - From: Nir Naaman <nir.naaman@metasec.com>
- RE: MAC and DAC and the combination
  - From: "Boberski, Michael A. " <MICHAEL.A.BOBERSKI@saic.com>

References:
- PD 0129: Deletion of the oldest audit events when audit storage space is exhausted
  - From: "Observation Decisions Review Board" <faigin@aero.org>
- Re: PD 0129: Deletion of the oldest audit events when audit storage space is exhausted
  - From: "YOKOTA HIROFUMI" <yokota-hirofumi@jqa.jp>

Prev by Date: Re: PD 0129: Deletion of the oldest audit events when audit storage space is exhausted
Next by Date: RE: MAC and DAC and the combination
Prev by thread: Re: PD 0129: Deletion of the oldest audit events when audit storage space is exhausted
Next by thread: RE: MAC and DAC and the combination

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov