RE: MAC and DAC and the combination

Subject: RE: MAC and DAC and the combination
From: "Boberski, Michael A. " <MICHAEL.A.BOBERSKI@saic.com>
Date: Wed, 7 Feb 2007 22:44:52 -0500
Content-class: urn:content-classes:message
Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C74B33.7DCFCB39"
References: <4545B782.14929.60B3DC@faigin.aero.org> <000b01c749ac$b6a7a0b0$6858a8c0@yokota> <000401c74b22$7cf87f20$6858a8c0@yokota>
Thread-Index: AcdLJCxRbf6tMy49RtSo2Oq8zEAm+wAB7EAg
Thread-Topic: MAC and DAC and the combination

You may find a copy of the old orange book helpful in general, things are explained a little differently. There appears to be a copy at the location: http://csrc.ncsl.nist.gov/secpubs/rainbow/std001.txt
 
Translation and coaching of evaluation terminology, concepts, and process is most easily done in support of an evaluation, either as a member of an evaluation team, or writing evidence. 
 
It is also not uncommon for laboratory consultants to develop training or reference materials for customers to help them write evidence, targeting the materials at for example assurance levels or technology types. 

 
________________________________

From: cc-cmt@nist.gov on behalf of YOKOTA HIROFUMI
Sent: Wed 2/7/2007 8:51 PM
To: Multiple recipients of list
Subject: MAC and DAC and the combination





Hi,

What is MAC? and What is DAC?
I suppose, new generations and IT security beginners are having fewer
chances to learn those terms in-depth.
And, I would say, it is very hard to read those terms, especially when they
are used in combination as follows.

--------------------------
PD-011 Attribute Inheritance/Modification Rules Need To Be Included In
Policy
The "Issue" says:
For example, one cannot use FMT_MSA to specify a rule that a Mandatory
Access Control SFP must be satisfied in order to set security attributes
controlled under a Discretionary Access Control policy. So how can this be
done?
--------------------------

Before to know how this can be done using the cc specifications, we need to
know the meaning of this MAC/DAC combination.
Namely, the meaning of the rule: that a Mandatory Access Control SFP must be
satisfied in order to set security attributes controlled under a
Discretionary Access Control policy.

Could such a rule and a situation flush into your imagination?
Could someone illustrate this, using the CC terms: i.e., subject, object,
information flow, rules, access control list, attributes, pass/deny, etc ?

Thanks advanced for your help.

Best regards,
 Hirofumi Yokota

winmail.dat

References:
- PD 0129: Deletion of the oldest audit events when audit storage space is exhausted
  - From: "Observation Decisions Review Board" <faigin@aero.org>
- Re: PD 0129: Deletion of the oldest audit events when audit storage space is exhausted
  - From: "YOKOTA HIROFUMI" <yokota-hirofumi@jqa.jp>
- MAC and DAC and the combination
  - From: "YOKOTA HIROFUMI" <yokota-hirofumi@jqa.jp>

Prev by Date: MAC and DAC and the combination
Next by Date: RE: MAC and DAC and the combination
Prev by thread: MAC and DAC and the combination
Next by thread: RE: MAC and DAC and the combination

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov