headers
David P. Quigley | 14 Nov 2008 23:36
Picon

Date and Time for Security Label Bar BOF

Hello,

For those who were interested in the Security Label Bar BOF we will be holding
it on Wednesday in the evening after the Operations and Administration Plenary
(roughly 8 or 8:30). I'm tentatively setting this time so if you have other
suggestions or believe it should be earlier feel free to suggest another time. I
will try to find a location for the BOF once I arrive on Sunday and once I have
found it I will post the location to the mailing list. I will not have access to
this email account while at IETF but I will be subscribed to the SAAG and
doi-discuss mailing lists with a travel account.

The bar BOF is meeting to discuss a consistent definition of Domains of
Interpretation and will also consist of discussion on the management and
administration of DOIs as well. A conversation about this has already started on
the DOI Discussion mailing list which can be found at the link below[1]. We hope
to start with the definition defined in the CALIPSO draft and see what changes
need to be made to allow it to support work being done with Labeled IPSec and
Labeled NFS.

While we are meeting to discuss DOIs, if there are additional topics relating to
security labels feel free to notify me and I will put them on the agenda.

Dave Quigley

[1] http://mail.opensolaris.org/mailman/listinfo/doi-discuss
Permalink | Reply | 4 comments |
headers
Jarrett Lu | 15 Nov 2008 02:49
Picon

Re: [doi-discuss] Date and Time for Security Label Bar BOF

Hi,

Can we do this BOF on Sunday or Monday evening? Tuesday would
work for me, but it conflicts with the social event. I need to leave on
Wednesday, and I really like to be at the BOF.

Thanks.

Jarrett

David P. Quigley wrote:
> Hello,
>
> For those who were interested in the Security Label Bar BOF we will be holding
> it on Wednesday in the evening after the Operations and Administration Plenary
> (roughly 8 or 8:30). I'm tentatively setting this time so if you have other
> suggestions or believe it should be earlier feel free to suggest another time. I
> will try to find a location for the BOF once I arrive on Sunday and once I have
> found it I will post the location to the mailing list. I will not have access to
> this email account while at IETF but I will be subscribed to the SAAG and
> doi-discuss mailing lists with a travel account.
>
> The bar BOF is meeting to discuss a consistent definition of Domains of
> Interpretation and will also consist of discussion on the management and
> administration of DOIs as well. A conversation about this has already started on
> the DOI Discussion mailing list which can be found at the link below[1]. We hope
> to start with the definition defined in the CALIPSO draft and see what changes
> need to be made to allow it to support work being done with Labeled IPSec and
> Labeled NFS.
>
(Continue reading)

Permalink | Reply | 2 comments |
headers
Joy Latten | 15 Nov 2008 01:00
Picon
Favicon

Re: Date and Time for Security Label Bar BOF

Hi David, 

I won't be at the coming IETF meeting, but I would most definitely
like to help or participate any way that I can. Please let me know 
what I can do to assist from afar. :-)

Thanks!!

regards,
Joy Latten

On Fri, 2008-11-14 at 17:36 -0500, David P. Quigley wrote:
> Hello,
> 
> For those who were interested in the Security Label Bar BOF we will be holding
> it on Wednesday in the evening after the Operations and Administration Plenary
> (roughly 8 or 8:30). I'm tentatively setting this time so if you have other
> suggestions or believe it should be earlier feel free to suggest another time. I
> will try to find a location for the BOF once I arrive on Sunday and once I have
> found it I will post the location to the mailing list. I will not have access to
> this email account while at IETF but I will be subscribed to the SAAG and
> doi-discuss mailing lists with a travel account.
> 
> The bar BOF is meeting to discuss a consistent definition of Domains of
> Interpretation and will also consist of discussion on the management and
> administration of DOIs as well. A conversation about this has already started on
> the DOI Discussion mailing list which can be found at the link below[1]. We hope
> to start with the definition defined in the CALIPSO draft and see what changes
> need to be made to allow it to support work being done with Labeled IPSec and
> Labeled NFS.
(Continue reading)

Permalink | Reply | 0 comments |
headers
David Quigley | 15 Nov 2008 20:31
Picon

Re: [doi-discuss] Date and Time for Security Label Bar BOF

We can do Monday evening. I thought people might be a bit weary from traveling so I pushed it to a bit later in the week. If those who have expressed a desire to attend don't mind we can we can probably try for 2000 on Monday since the last session that day runs till 1930.

On Fri, Nov 14, 2008 at 8:49 PM, Jarrett Lu <Jarrett.Lu <at> sun.com> wrote:
Hi,

Can we do this BOF on Sunday or Monday evening? Tuesday would
work for me, but it conflicts with the social event. I need to leave on
Wednesday, and I really like to be at the BOF.

Thanks.

Jarrett




David P. Quigley wrote:
Hello,

For those who were interested in the Security Label Bar BOF we will be holding
it on Wednesday in the evening after the Operations and Administration Plenary
(roughly 8 or 8:30). I'm tentatively setting this time so if you have other
suggestions or believe it should be earlier feel free to suggest another time. I
will try to find a location for the BOF once I arrive on Sunday and once I have
found it I will post the location to the mailing list. I will not have access to
this email account while at IETF but I will be subscribed to the SAAG and
doi-discuss mailing lists with a travel account.

The bar BOF is meeting to discuss a consistent definition of Domains of
Interpretation and will also consist of discussion on the management and
administration of DOIs as well. A conversation about this has already started on
the DOI Discussion mailing list which can be found at the link below[1]. We hope
to start with the definition defined in the CALIPSO draft and see what changes
need to be made to allow it to support work being done with Labeled IPSec and
Labeled NFS.

While we are meeting to discuss DOIs, if there are additional topics relating to
security labels feel free to notify me and I will put them on the agenda.

Dave Quigley


[1] http://mail.opensolaris.org/mailman/listinfo/doi-discuss


_______________________________________________
doi-discuss mailing list
doi-discuss <at> opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/doi-discuss
 

_______________________________________________
saag mailing list
saag <at> ietf.org
https://www.ietf.org/mailman/listinfo/saag

<div>
<p>We can do Monday evening. I thought people might be a bit weary from traveling so I pushed it to a bit later in the week. If those who have expressed a desire to attend don't mind we can we can probably try for 2000 on Monday since the last session that day runs till 1930.<br><br></p>
<div class="gmail_quote">On Fri, Nov 14, 2008 at 8:49 PM, Jarrett Lu <span dir="ltr">&lt;<a href="mailto:Jarrett.Lu <at> sun.com">Jarrett.Lu <at> sun.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote">
Hi,<br><br>
Can we do this BOF on Sunday or Monday evening? Tuesday would<br>
work for me, but it conflicts with the social event. I need to leave on<br>
Wednesday, and I really like to be at the BOF.<br><br>
Thanks.<br><br>
Jarrett<div class="Ih2E3d">
<br><br><br><br>
David P. Quigley wrote:<br><blockquote class="gmail_quote">
Hello,<br><br>
For those who were interested in the Security Label Bar BOF we will be holding<br>
it on Wednesday in the evening after the Operations and Administration Plenary<br>
(roughly 8 or 8:30). I'm tentatively setting this time so if you have other<br>
suggestions or believe it should be earlier feel free to suggest another time. I<br>
will try to find a location for the BOF once I arrive on Sunday and once I have<br>
found it I will post the location to the mailing list. I will not have access to<br>
this email account while at IETF but I will be subscribed to the SAAG and<br>
doi-discuss mailing lists with a travel account.<br><br>
The bar BOF is meeting to discuss a consistent definition of Domains of<br>
Interpretation and will also consist of discussion on the management and<br>
administration of DOIs as well. A conversation about this has already started on<br>
the DOI Discussion mailing list which can be found at the link below[1]. We hope<br>
to start with the definition defined in the CALIPSO draft and see what changes<br>
need to be made to allow it to support work being done with Labeled IPSec and<br>
Labeled NFS.<br><br>
While we are meeting to discuss DOIs, if there are additional topics relating to<br>
security labels feel free to notify me and I will put them on the agenda.<br><br>
Dave Quigley<br><br><br>
[1] <a href="http://mail.opensolaris.org/mailman/listinfo/doi-discuss" target="_blank">http://mail.opensolaris.org/mailman/listinfo/doi-discuss</a><br><br><br>
_______________________________________________<br>
doi-discuss mailing list<br><a href="mailto:doi-discuss <at> opensolaris.org" target="_blank">doi-discuss <at> opensolaris.org</a><br><a href="http://mail.opensolaris.org/mailman/listinfo/doi-discuss" target="_blank">http://mail.opensolaris.org/mailman/listinfo/doi-discuss</a><br>
 &nbsp;<br>
</blockquote>
<br>
</div>
_______________________________________________<br>
saag mailing list<br><a href="mailto:saag <at> ietf.org" target="_blank">saag <at> ietf.org</a><br><a href="https://www.ietf.org/mailman/listinfo/saag" target="_blank">https://www.ietf.org/mailman/listinfo/saag</a><br>
</blockquote>
</div>
<br>
</div>
Permalink | Reply | 1 comment |
headers
Paul Moore | 17 Nov 2008 15:15
Picon
Favicon

Re: [doi-discuss] Date and Time for Security Label Bar BOF

On Saturday 15 November 2008 2:31:41 pm David Quigley wrote:
> We can do Monday evening. I thought people might be a bit weary from
> traveling so I pushed it to a bit later in the week. If those who
> have expressed a desire to attend don't mind we can we can probably
> try for 2000 on Monday since the last session that day runs till
> 1930.

Unfortunately I won't be able to make it (I'm not at the IETF this 
week), if anyone manages to take notes I'd really appreciate it if they 
could post them to the list.

Thanks.

--

-- 
paul moore
linux  <at>  hp
Permalink | Reply | 0 comments |
headers
David Quigley | 17 Nov 2008 18:12
Picon

Security Label BOF Location and Time

Hello,

    The Security Label Bar BOF will start by meeting in the lobby of the Hilton at 8pm. From there we can choose one of the nearby pubs to go to. I have a list of local restaurants/pubs from the concierge and it lists an Irish pub (The Local) and a British pub (Brit's Pub) within two blocks of the Hilton. If people prefer to stay at the hotel we can also use the restaurant down stairs as well. I figure if we go to one of the pubs people can eat there if they like or just go for drinks if they have already eaten.

 

Since I haven't received any other topics people wish to discuss the agenda at the moment contains one item (all be it a complex one).

 

Background:

 

Originally the term Security Label consisted of MLS and Integrity labels as they were used in the orange book. Since then there have been other forms of mandatory access control(MAC) and some MAC systems such as SELinux which implement several of the forms within the same system(Domain Type Enforcement (DTE), RBAC and MLS). In traditional MAC systems the policy is very rigid with the model being built into the operating system. In more recent MAC systems (SELinux, Trusted BSD, Solaris FMAC) the idea of flexibility of policy and mechanism have made it such that even if two systems use the same MAC model they may each possess completely different policies. Because of this the idea of a Domain of Interpretation(DOI) has become more important. Conceptually a DOI is a collection of systems where a label has a consistant semantic meaning across all of those systems. Traditionally MLS labels were represented as integers and bit fields so a DOI in this context defined what bits corresponded to which categories and what levels were present. In more recent systems labels are more directly represented as strings. For example in a DTE system a label may be httpd_content_t and two systems may possess this label but the semantics of it may be different.

 

Discussion Topics:

 

Since several drafts exist that use security labels (CALIPSO, Labeled NFSv4) there is a need for a consistent definition of a DOI. The CALIPSO document has a good starting point for a definition but it is very MLS centric. In addition to the two documents mentioned above there is also are also a couple of documents floating around pertaining to labeled IPSec which also contain a definition of DOIs. Once these make there way to the working group there will be four documents which will have the concept of a DOI.

 

In this meeting I would like to see what changes need to be made to the CALIPSO DOI definition that makes it suitable to Labeled NFS and potentially Labeled IPSec. Once we come up with this we can draw up an initial draft of a document outlining DOIs which these documents could use as a normative reference. In addition to this I would also like to see a discussion on the administration and management of the DOI space.If people with experience handling DOIs are present  it would be useful to hear some issues that have been encountered in traditional systems.

 

Dave Quigley

<div>
<p class="MsoNormal">Hello,</p>
<p class="MsoNormal"><span>&nbsp;&nbsp;&nbsp; </span>The Security Label Bar BOF will start by meeting in the lobby of the Hilton at 8pm. From there we can choose one of the nearby pubs to go to. I have a list of local restaurants/pubs from the concierge and it lists an Irish pub (The Local) and a British pub (Brit's Pub) within two blocks of the Hilton. If people prefer to stay at the hotel we can also use the restaurant down stairs as well. I figure if we go to one of the pubs people can eat there if they like or just go for drinks if they have already eaten.</p>

<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">Since I haven't received any other topics people wish to discuss the agenda at the moment contains one item (all be it a complex one).</p>

<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">Background:</p>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">Originally the term Security Label consisted of MLS and Integrity labels as they were used in the orange book. Since then there have been other forms of mandatory access control(MAC) and some MAC systems such as SELinux which implement several of the forms within the same system(Domain Type Enforcement (DTE), RBAC and MLS). In traditional MAC systems the policy is very rigid with the model being built into the operating system. In more recent MAC systems (SELinux, Trusted BSD, Solaris FMAC) the idea of flexibility of policy and mechanism have made it such that even if two systems use the same MAC model they may each possess completely different policies. Because of this the idea of a Domain of Interpretation(DOI) has become more important. Conceptually a DOI is a collection of systems where a label has a consistant semantic meaning across all of those systems. Traditionally MLS labels were represented as integers and bit fields so a DOI in this context defined what bits corresponded to which categories and what levels were present. In more recent systems labels are more directly represented as strings. For example in a DTE system a label may be httpd_content_t and two systems may possess this label but the semantics of it may be different.</p>

<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">Discussion Topics:</p>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">Since several drafts exist that use security labels (CALIPSO, Labeled NFSv4) there is a need for a consistent definition of a DOI. The CALIPSO document has a good starting point for a definition but it is very MLS centric. In addition to the two documents mentioned above there is also are also a couple of documents floating around pertaining to labeled IPSec which also contain a definition of DOIs. Once these make there way to the working group there will be four documents which will have the concept of a DOI.</p>

<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">In this meeting I would like to see what changes need to be made to the CALIPSO DOI definition that makes it suitable to Labeled NFS and potentially Labeled IPSec. Once we come up with this we can draw up an initial draft of a document outlining DOIs which these documents could use as a normative reference. In addition to this I would also like to see a discussion on the administration and management of the DOI space.If people with experience handling DOIs are present<span>&nbsp; </span>it would be useful to hear some issues that have been encountered in traditional systems. </p>

<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">Dave Quigley</p>
</div>
Permalink | Reply | 502 comments |
headers
David Quigley | 17 Nov 2008 18:54
Picon

Re: Security Label BOF Location and Time

Just to clarify that is 8pm Today (Monday) that we are meeting.

Dave

On Mon, Nov 17, 2008 at 11:12 AM, David Quigley <quigleystravels <at> gmail.com> wrote:

Hello,

    The Security Label Bar BOF will start by meeting in the lobby of the Hilton at 8pm. From there we can choose one of the nearby pubs to go to. I have a list of local restaurants/pubs from the concierge and it lists an Irish pub (The Local) and a British pub (Brit's Pub) within two blocks of the Hilton. If people prefer to stay at the hotel we can also use the restaurant down stairs as well. I figure if we go to one of the pubs people can eat there if they like or just go for drinks if they have already eaten.

 

Since I haven't received any other topics people wish to discuss the agenda at the moment contains one item (all be it a complex one).

 

Background:

 

Originally the term Security Label consisted of MLS and Integrity labels as they were used in the orange book. Since then there have been other forms of mandatory access control(MAC) and some MAC systems such as SELinux which implement several of the forms within the same system(Domain Type Enforcement (DTE), RBAC and MLS). In traditional MAC systems the policy is very rigid with the model being built into the operating system. In more recent MAC systems (SELinux, Trusted BSD, Solaris FMAC) the idea of flexibility of policy and mechanism have made it such that even if two systems use the same MAC model they may each possess completely different policies. Because of this the idea of a Domain of Interpretation(DOI) has become more important. Conceptually a DOI is a collection of systems where a label has a consistant semantic meaning across all of those systems. Traditionally MLS labels were represented as integers and bit fields so a DOI in this context defined what bits corresponded to which categories and what levels were present. In more recent systems labels are more directly represented as strings. For example in a DTE system a label may be httpd_content_t and two systems may possess this label but the semantics of it may be different.

 

Discussion Topics:

 

Since several drafts exist that use security labels (CALIPSO, Labeled NFSv4) there is a need for a consistent definition of a DOI. The CALIPSO document has a good starting point for a definition but it is very MLS centric. In addition to the two documents mentioned above there is also are also a couple of documents floating around pertaining to labeled IPSec which also contain a definition of DOIs. Once these make there way to the working group there will be four documents which will have the concept of a DOI.

 

In this meeting I would like to see what changes need to be made to the CALIPSO DOI definition that makes it suitable to Labeled NFS and potentially Labeled IPSec. Once we come up with this we can draw up an initial draft of a document outlining DOIs which these documents could use as a normative reference. In addition to this I would also like to see a discussion on the administration and management of the DOI space.If people with experience handling DOIs are present  it would be useful to hear some issues that have been encountered in traditional systems.

 

Dave Quigley


<div>
<div>Just to clarify that is 8pm Today (Monday) that we are meeting.</div>
<div>
<br>Dave<br><br>
</div>
<div class="gmail_quote">On Mon, Nov 17, 2008 at 11:12 AM, David Quigley <span dir="ltr">&lt;<a href="mailto:quigleystravels <at> gmail.com">quigleystravels <at> gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote">
<p>Hello,</p>
<p><span>&nbsp;&nbsp;&nbsp; </span>The Security Label Bar BOF will start by meeting in the lobby of the Hilton at 8pm. From there we can choose one of the nearby pubs to go to. I have a list of local restaurants/pubs from the concierge and it lists an Irish pub (The Local) and a British pub (Brit's Pub) within two blocks of the Hilton. If people prefer to stay at the hotel we can also use the restaurant down stairs as well. I figure if we go to one of the pubs people can eat there if they like or just go for drinks if they have already eaten.</p>

<p>&nbsp;</p>
<p>Since I haven't received any other topics people wish to discuss the agenda at the moment contains one item (all be it a complex one).</p>
<p>&nbsp;</p>
<p>Background:</p>
<p>&nbsp;</p>
<p>Originally the term Security Label consisted of MLS and Integrity labels as they were used in the orange book. Since then there have been other forms of mandatory access control(MAC) and some MAC systems such as SELinux which implement several of the forms within the same system(Domain Type Enforcement (DTE), RBAC and MLS). In traditional MAC systems the policy is very rigid with the model being built into the operating system. In more recent MAC systems (SELinux, Trusted BSD, Solaris FMAC) the idea of flexibility of policy and mechanism have made it such that even if two systems use the same MAC model they may each possess completely different policies. Because of this the idea of a Domain of Interpretation(DOI) has become more important. Conceptually a DOI is a collection of systems where a label has a consistant semantic meaning across all of those systems. Traditionally MLS labels were represented as integers and bit fields so a DOI in this context defined what bits corresponded to which categories and what levels were present. In more recent systems labels are more directly represented as strings. For example in a DTE system a label may be httpd_content_t and two systems may possess this label but the semantics of it may be different.</p>

<p>&nbsp;</p>
<p>Discussion Topics:</p>
<p>&nbsp;</p>
<p>Since several drafts exist that use security labels (CALIPSO, Labeled NFSv4) there is a need for a consistent definition of a DOI. The CALIPSO document has a good starting point for a definition but it is very MLS centric. In addition to the two documents mentioned above there is also are also a couple of documents floating around pertaining to labeled IPSec which also contain a definition of DOIs. Once these make there way to the working group there will be four documents which will have the concept of a DOI.</p>

<p>&nbsp;</p>
<p>In this meeting I would like to see what changes need to be made to the CALIPSO DOI definition that makes it suitable to Labeled NFS and potentially Labeled IPSec. Once we come up with this we can draw up an initial draft of a document outlining DOIs which these documents could use as a normative reference. In addition to this I would also like to see a discussion on the administration and management of the DOI space.If people with experience handling DOIs are present<span>&nbsp; </span>it would be useful to hear some issues that have been encountered in traditional systems. </p>

<p>&nbsp;</p>
<p>Dave Quigley</p>
</blockquote>
</div>
<br>
</div>
Permalink | Reply | 501 comments |
headers
Jarrett Lu | 18 Nov 2008 01:42
Picon

Re: [73attendees] Security Label BOF Location and Time

David Quigley wrote:
>
> Background:
>
>  
>
> Originally the term Security Label consisted of MLS and Integrity 
> labels as they were used in the orange book. Since then there have 
> been other forms of mandatory access control(MAC) and some MAC systems 
> such as SELinux which implement several of the forms within the same 
> system(Domain Type Enforcement (DTE), RBAC and MLS). In traditional 
> MAC systems the policy is very rigid with the model being built into 
> the operating system. In more recent MAC systems (SELinux, Trusted 
> BSD, Solaris FMAC) the idea of flexibility of policy and mechanism 
> have made it such that even if two systems use the same MAC model they 
> may each possess completely different policies. Because of this the 
> idea of a Domain of Interpretation(DOI) has become more important. 
> Conceptually a DOI is a collection of systems where a label has a 
> consistant semantic meaning across all of those systems. Traditionally 
> MLS labels were represented as integers and bit fields so a DOI in 
> this context defined what bits corresponded to which categories and 
> what levels were present. In more recent systems labels are more 
> directly represented as strings. For example in a DTE system a label 
> may be httpd_content_t and two systems may possess this label but the 
> semantics of it may be different.
>

This is a significant departure from the DOI definition that I
understood. As you mentioned above, using same DOI implies
all systems agree to same label interpretation and hence enforce
same label policies. I don't quite understand the rationale in
wanting to change that definition to accommodate DTE MAC
systems. Labels can be represented by strings or bitmaps (e.g.
CIPSO). What's important is that systems interpret the labels
the same way, and a DOI value is used to ensure that. If a label
has different meanings on different systems, what do you need a
DOI for? Just to be able interpret a well formed label? I'd think the
ability to interpret a label is implicit. If one doesn't recognize a
label based on label definition, the packet should be dropped.

We can discuss this some more. This post is for people who are
interested in the topic but can't attend the BOF.

Jarrett
Permalink | Reply | 1 comment |
headers
David Quigley | 18 Nov 2008 01:55
Picon

Re: [73attendees] Security Label BOF Location and Time



On Mon, Nov 17, 2008 at 6:42 PM, Jarrett Lu <Jarrett.Lu <at> sun.com> wrote:
David Quigley wrote:

Background:

 
Originally the term Security Label consisted of MLS and Integrity labels as they were used in the orange book. Since then there have been other forms of mandatory access control(MAC) and some MAC systems such as SELinux which implement several of the forms within the same system(Domain Type Enforcement (DTE), RBAC and MLS). In traditional MAC systems the policy is very rigid with the model being built into the operating system. In more recent MAC systems (SELinux, Trusted BSD, Solaris FMAC) the idea of flexibility of policy and mechanism have made it such that even if two systems use the same MAC model they may each possess completely different policies. Because of this the idea of a Domain of Interpretation(DOI) has become more important. Conceptually a DOI is a collection of systems where a label has a consistant semantic meaning across all of those systems. Traditionally MLS labels were represented as integers and bit fields so a DOI in this context defined what bits corresponded to which categories and what levels were present. In more recent systems labels are more directly represented as strings. For example in a DTE system a label may be httpd_content_t and two systems may possess this label but the semantics of it may be different.


This is a significant departure from the DOI definition that I
understood. As you mentioned above, using same DOI implies
all systems agree to same label interpretation and hence enforce
same label policies. I don't quite understand the rationale in
wanting to change that definition to accommodate DTE MAC
systems. Labels can be represented by strings or bitmaps (e.g.
CIPSO). What's important is that systems interpret the labels
the same way, and a DOI value is used to ensure that. If a label
has different meanings on different systems, what do you need a
DOI for? Just to be able interpret a well formed label? I'd think the
ability to interpret a label is implicit. If one doesn't recognize a
label based on label definition, the packet should be dropped.

We can discuss this some more. This post is for people who are
interested in the topic but can't attend the BOF.


Jarrett
 
 
I didn't mean to imply that there was any accomodation of DTE in there. Your definition is correct and seems to be an isomorph of what I said. There shouldn't be anything in there that implies a particular mechanism for labels I was just giving some examples of the way they are currently done for those who don't know anything about the topic. If a label has two different meanings on two different system it is even more important to know what DOI it is in so you don't confuse the foreign form of that label for the local one. Sam is going to be at the meeting and said he will be taking notes so there should be a record posted after the meeting about what was discussed.
 
Dave
<div>
<br><br><div class="gmail_quote">On Mon, Nov 17, 2008 at 6:42 PM, Jarrett Lu <span dir="ltr">&lt;<a href="mailto:Jarrett.Lu <at> sun.com">Jarrett.Lu <at> sun.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote">
<div class="Ih2E3d">David Quigley wrote:<br><blockquote class="gmail_quote">
<br>Background:<br><br>&nbsp;<br>Originally the term Security Label consisted of MLS and Integrity labels as they were used in the orange book. Since then there have been other forms of mandatory access control(MAC) and some MAC systems such as SELinux which implement several of the forms within the same system(Domain Type Enforcement (DTE), RBAC and MLS). In traditional MAC systems the policy is very rigid with the model being built into the operating system. In more recent MAC systems (SELinux, Trusted BSD, Solaris FMAC) the idea of flexibility of policy and mechanism have made it such that even if two systems use the same MAC model they may each possess completely different policies. Because of this the idea of a Domain of Interpretation(DOI) has become more important. Conceptually a DOI is a collection of systems where a label has a consistant semantic meaning across all of those systems. Traditionally MLS labels were represented as integers and bit fields so a DOI in this context defined what bits corresponded to which categories and what levels were present. In more recent systems labels are more directly represented as strings. For example in a DTE system a label may be httpd_content_t and two systems may possess this label but the semantics of it may be different.<br><br>
</blockquote>
<br>
</div>This is a significant departure from the DOI definition that I<br>understood. As you mentioned above, using same DOI implies<br>all systems agree to same label interpretation and hence enforce<br>
same label policies. I don't quite understand the rationale in<br>wanting to change that definition to accommodate DTE MAC<br>systems. Labels can be represented by strings or bitmaps (e.g.<br>CIPSO). What's important is that systems interpret the labels<br>
the same way, and a DOI value is used to ensure that. If a label<br>has different meanings on different systems, what do you need a<br>DOI for? Just to be able interpret a well formed label? I'd think the<br>ability to interpret a label is implicit. If one doesn't recognize a<br>
label based on label definition, the packet should be dropped.<br><br>We can discuss this some more. This post is for people who are<br>interested in the topic but can't attend the BOF.<br><br><br>
Jarrett<br>
</blockquote>
</div>
<div>&nbsp;</div>
<div>&nbsp;</div>
<div>I didn't mean to imply that there was any accomodation of DTE in there. Your definition is correct and seems to be an isomorph of what I said. There shouldn't be anything in there that implies a particular mechanism for labels I was just giving some examples of the way they are currently done for those who don't know anything about the topic. If a label has two different meanings on two different system it is even more important to know what DOI it is in so you don't confuse the foreign form of that label for the local one. Sam is going to be at the meeting and said he will be taking notes so there should be a record posted after the meeting about what was discussed.</div>

<div>&nbsp;</div>
<div>Dave<br>
</div>
</div>
Permalink | Reply | 0 comments |
headers
Charles Clancy | 19 Nov 2008 17:57

HOKEY Meeting Summary

SAAG,

HOKEY met on Wednesday morning at 0900.  Since the last IETF meeting, 
the ERX and EMKSK Key Hierarchy documents have been published as RFCs, 
and work has progressed on consolidating the Key Management documents, 
which now represents the WG consensus.

At the meeting, we discussed advancing the Preauth Problem Statement 
document to the IETF (which will be occurring in short order), and 
continued edits of the Key Management document (cleaning up and 
simplifying terminology and text).

Between now and the next IETF meeting, the group plans to complete the 
Key Management document and discuss possible topics for rechartering.

--
t. charles clancy, ph.d.                 eng.umd.edu/~tcc
electrical & computer engineering, university of maryland
Permalink | Reply | 0 comments |

Gmane