MLS and Biba
Klaus Weidner
klaus at atsec.com
Wed Sep 27 16:09:37 UTC 2006
On Mon, Sep 25, 2006 at 07:24:13PM +0200, Salvo Giuffrida wrote:
> Good morning, is it possible to configure the MLS policy, using
> mlsconstraint, to enforce a Biba integrity model of security (no read down,
> no write up), instead of the Bell-LaPadula (no read up, no write down)? I'm
> reading the book "SELinux by example", and there it's written that the
> MLS facility in the Security Server is not very flexible, and allows one
> only to enforce the rules "no read up, no write down". But, if I'm the one
> configuring the policy in the file "mls", shouldn't I be able to change the
> rules to the opposite?
Sure. For example, the MCS policy implements "no read up, no write up";
have a look at the policy/mcs file in the serefpolicy distribution.
If you need more help please try the SELinux mailing list.
I think an interesting extension would be to split up the category bits
into MLS, MCS, and MIC (integrity) sets, so that you could use all the
models within a single policy.
Something like the following maybe (this doesn't work currently)?

    mlsconstrain file write
        (((l1 & mls_cats) dom (l2 & mls_cats)) and
         ((h1 & mcs_cats) dom (h2 & mcs_cats)) and
         ((l1 & mic_cats) domby (l2 & mic_cats)));

    mlsconstrain file read
        (((l1 & mls_cats) eq (l2 & mls_cats)) and
         ((h1 & mcs_cats) dom (h2 & mcs_cats)) and
         ((l1 & mic_cats) dom (l2 & mic_cats)));
-Klaus
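The following is an added example, not part of Klaus's message or of any SELinux policy: it evaluates Bell-LaPadula, MCS and Biba on three disjoint slices of a level's category bits, the split sketched above, using the textbook direction of each model. The category ranges, the `slice` helper and the sample levels are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Level:
    sens: int          # sensitivity s0, s1, ...
    cats: frozenset    # category numbers c0, c1, ...

    def dom(self, other):
        """self dominates other: sensitivity >= and category superset."""
        return self.sens >= other.sens and self.cats >= other.cats

    def slice(self, mask, keep_sens=False):
        """The `l1 & mls_cats` idea: keep only the categories in `mask`.
        Sensitivity is kept for the MLS slice only; the MCS and MIC
        slices are treated as pure category lattices (assumption)."""
        return Level(self.sens if keep_sens else 0, self.cats & mask)

# Constructed, disjoint split of the category space (assumption).
MLS_CATS = frozenset(range(0, 4))    # c0-c3: Bell-LaPadula confidentiality
MCS_CATS = frozenset(range(4, 8))    # c4-c7: MCS compartments
MIC_CATS = frozenset(range(8, 12))   # c8-c11: Biba integrity

def blp(op, s, o):
    """Bell-LaPadula: no read up, no write down."""
    return s.dom(o) if op == "read" else o.dom(s)

def biba(op, s, o):
    """Biba: no read down, no write up (the mirror image of BLP)."""
    return o.dom(s) if op == "read" else s.dom(o)

def mcs(op, s, o):
    """MCS as in policy/mcs: no read up, no write up; subject must dominate."""
    return s.dom(o)

def allowed(op, subj, obj):
    """Combined constraint: each model is evaluated on its own slice of
    the category bits, and all three must permit the access."""
    return (blp(op, subj.slice(MLS_CATS, True), obj.slice(MLS_CATS, True))
            and mcs(op, subj.slice(MCS_CATS), obj.slice(MCS_CATS))
            and biba(op, subj.slice(MIC_CATS), obj.slice(MIC_CATS)))

if __name__ == "__main__":
    subj = Level(1, frozenset({1, 5, 9}))          # s1:c1,c5,c9
    for op, obj in [("read", Level(0, frozenset({1, 5, 9, 10}))),
                    ("write", Level(0, frozenset({1, 5, 9, 10}))),
                    ("read", Level(1, frozenset({1, 5}))),
                    ("write", Level(1, frozenset({1, 5})))]:
        print(op, obj, "->", "allow" if allowed(op, subj, obj) else "deny")
```

Note that reading the s0 object with the extra integrity category is allowed (read up in integrity, read down in confidentiality), while reading the s1 object lacking c9 is denied by the Biba slice alone.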