Standards Update, IEEE 1003.6: Security

Jason Zions jason at cnd.hp.com
Sat Jun 30 07:12:26 AEST 1990


From:  Jason Zions <jason at cnd.hp.com>

> Conversely, users at a high classification may not make their work
> available to users at a lower classification: one can neither ``read up''
> nor ``write down.'' There are also compartments within each
> classification level, such as NATO, nuclear, DOE, or project X.  Access
> requires the proper level and authorization for all compartments
> associated with the resource.  The MAC group is defining interfaces for
> such a mandatory mechanism.  It's not as confusing as it sounds, but
> outside of the DoD it is as useless as it sounds.  (Prove me wrong.  Show
> me how this DoD policy is useful in a commercial environment.)

Both compartmentalization and classification have commercial applications,
but I'm not certain those applications justify the cost and pain.

Compartmentalization: Large organizations frequently pursue strategies and
practices in the course of daily business that seem, well, contradictory.
Things like negotiating with arch-rival companies to sell each of them
exclusive rights to a particular technology; at some point, when the
higher-ups figure one of the two deals is superior, the other "falls
through". For the sake of verisimilitude, one might wish to
compartmentalize both negotiation efforts from each other and from the rest
of the company on a "need-to-know" basis.

One might wish to compartmentalize one's research labs from one's marketing
people to prevent the marketing of "futures"; similarly, separating R&D
from support organizations can help prevent leakage.

All of these can be accomplished by a Simple Matter Of Policy; it is a
known phenomenon, though, that the larger the company the higher the
probability of leakage, regardless of policy. MAC can help.

Classification: Certain kinds of information are frequently required by law
to be controlled with respect to dissemination internally; data related to
profit and loss, stock exchange filings, personnel data, etc. Many
companies today forbid the electronic storage of such restricted
information, and they distribute it by means of printed copies, numbered
and signed for, burn-before-reading. It'd be nice to be able to store that
stuff on-line, transmit it electronically, while ensuring that those who
are not permitted by law to see the information cannot see it.

Again, SMOP can accomplish this; however, it's a lot easier to prove
someone is or is not an "insider" in the technical sense of the term by
showing whether or not they had access to the relevant data, and by
recourse to an audit trail.

 - - - -

> Jason Zions, of HP, gave one of the most interesting and aggressive
                                                           ^^^^^^^^^^
> presentations of the day, on the work of the Transparent File Access
> Group, which included a preliminary list of issues that 1003.8 feels
> need to be reviewed.

Really? (wince)  Musta been a bad day. My apologies to all.

Jason Zions
Chair, 1003.8

Volume-Number: Volume 20, Number 67


