Firewalls: RE: Mandatory protection (was: product selection)

Firewalls
(January 1996)

Indexed By Thread: [Previous] [Next]

Subject:	RE: Mandatory protection (was: product selection)
From:	Jonathon Tidswell <t-jont @ microsoft . com>
Date:	Tue, 30 Jan 1996 23:55:18 -0800
To:	"firewalls @ greatcircle . com" <IMCEAX400-c=US+3Ba=+20+3Bp=MSFT+3Bo=SOUTHPACIFIC+3Bdda+3ASMTP=firewalls+40greatcircle+2Ecom+3B @ red-03-imc . itg . microsoft . com>

For those of use who dont have (or have not had) ready access to half a 
dozen "secure" systems.
Can someone please comment on / answer the following ?

- TE is a MAC mechanism for providing least privilege
- MLS is a hierarchical labeling scheme for MAC (originally aimed at 
confidentiality)
- B2 systems require 'least privilege' mechanism (in addition to the MLS 
required at B1)
- Firewalls seem to be more intuitively served with least privilege than 
with MLS 

Is there a common model or mechanism (other than TE) for least privilege in 
B2 (and above) systems ?

TIA
JonT

Indexed By Date	Previous:	Satan Information From: Inverardi @ abacus . ch (Remo Inverardi)
Indexed By Date	Next:	From: (nil)
Indexed By Thread	Previous:	Re: Mandatory protection (was: product selection) From: Rick Smith <smith @ sctc . com>
Indexed By Thread	Next:	Java Security Info need From: Sami Mousa <smousa @ hq . si . net>