[redhat-lspp] MLS security context invariants
Darrel Goeddel
dgoeddel at trustedcs.com
Mon Jun 27 16:24:17 UTC 2005
Frank Mayer wrote:
> I'm trying to get my head wrapped around the "invariants" for security
> contexts in the MLS policy. Given that we are implementing these invariants
> via state transition constraints makes it all the more challenging.
>
> What I'm trying to convince myself is that we have the simple invariant in
> place that says "For all security contexts C, hi(C) dom low(C)." Seems like
> an straightforward necessity to me.
The "high dominates low" relationship is enforced for all contexts by the
security server when the context is checked for validity
(via the mls_context_isvalid function).
--
Darrel
More information about the redhat-lspp
mailing list