Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!rochester!cornell!uw-beaver!ssc-vax!nelson
From: nelson@ssc-vax.UUCP (Paul W. Nelson)
Newsgroups: comp.misc
Subject: Re: access-lists vs. unix permissions
Message-ID: <860@ssc-bee.ssc-vax.UUCP>
Date: Wed, 15-Jul-87 19:11:50 EDT
Article-I.D.: ssc-bee.860
Posted: Wed Jul 15 19:11:50 1987
Date-Received: Sat, 18-Jul-87 05:40:13 EDT
References: <1334@ssc-vax.UUCP>
Organization: Boeing Aerospace Corp., Seattle WA
Lines: 35

in article <1334@ssc-vax.UUCP>, herber@ssc-vax.UUCP (David A Wilson) says:
> 
> 	The issue I would like to discuss is why are access-lists considered
> more secure than unix-style owner/group/other permission (as the specification
> seems to apply)? Are there any studies that show this? I can see no reason
> that unix permissions cannot provide an equivalent level of data access
> protection to access-lists. With multiple group membership, such as provided
> in BSD Unix, file access can be controlled to any level desired.
> 

The problem with this approach is that it requires the system administrator
to set up new groups.  How many groups do you think would be required to
cover each file that needs access-list type protection?  It could be very
significant, not to mention cumbersome trying to remember which group goes
with which file.

Access control lists are not really required until you get to a B3
level of assurance.  The requirements for C2-B2 say that the user
must specify and control sharing of objects.  Groups, name lists
or both can be used, and the user must be able to limit propagation of
access rights.

The real sticky point in getting into the B category is the concept of
mandatory access control.  B level systems must "enforce a mandatory
access control policy over all subjects and storage objects under
its control".  The subjects and objects must be assigned sensitivity
labels that are a combination of hierarchical (unclass, secret, top secret,
etc.) and non-hierarchical (no foreign, COMSEC, NATO, etc.).

By the way, the orange book is now DOD 5200.28-STD "Department of Defense,
Trusted Computer System Evaluation Criteria".


			Paul Nelson
			uw-beaver!ssc-vax!ssc-bee!nelson
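
The group bookkeeping raised in the reply above, as an added example that is not part of the original post: it maps per-file access lists onto one owner plus one group and reports which groups an administrator would have to create and which lists do not fit at all. The user names, file names, rights strings, function names and the "group = full user set" convention are all assumptions made for illustration.

```python
# Constructed sample data (not from the post): file -> (owner, {user: rights}).
SAMPLE_ACLS = {
    "design.doc": ("alice", {"alice": "rw", "bob": "r", "carol": "r"}),
    "review.txt": ("bob",   {"bob": "rw", "alice": "r", "carol": "r"}),
    "budget.xls": ("alice", {"alice": "rw", "dave": "rw"}),
    "notes.txt":  ("carol", {"carol": "rw"}),
    "spec.txt":   ("dave",  {"dave": "rw", "alice": "r", "bob": "r"}),
    "audit.log":  ("erin",  {"erin": "rw", "bob": "r", "dave": "rw"}),
}


def plan_groups(acls):
    """Map access lists onto owner/group/other with 'other' set to no access.

    Returns (groups, inexpressible). groups maps each member set the
    administrator must create to the files that use it. inexpressible lists
    files whose access list does not fit one owner plus one group.
    Assumed convention: the group is the file's full user set, so files with
    the same users but different owners can share a group.
    """
    groups, inexpressible = {}, []
    for name, (owner, entries) in acls.items():
        others = {user: rights for user, rights in entries.items() if user != owner}
        if not others:
            continue  # owner-only file: no group needed
        if len(set(others.values())) > 1:
            inexpressible.append(name)  # one group field cannot carry two right sets
            continue
        groups.setdefault(frozenset(entries), []).append(name)
    return groups, inexpressible


def worst_case_groups(n_users):
    """Distinct groups possible for n users: every subset with at least two members."""
    return 2 ** n_users - n_users - 1


if __name__ == "__main__":
    groups, inexpressible = plan_groups(SAMPLE_ACLS)
    for members, files in groups.items():
        print(sorted(members), "->", files)
    print("not expressible with one owner and one group:", inexpressible)
    print("worst case for 5 users:", worst_case_groups(5))
```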