[anonsec] BYPASS OR PROTECT
kent at bbn.com
Fri Apr 6 14:14:42 PDT 2007
At 10:41 AM -0500 4/5/07, Nicolas Williams wrote:
>On Thu, Apr 05, 2007 at 07:18:07AM -0400, Stephen Kent wrote:
>> At 10:47 AM -0500 4/4/07, Nicolas Williams wrote:
>> >Another way to look at it is to have system policy determine insertion
>> >points into the SPD for app-requested rules -- since the SPD is ordered
>> >then the insertion points determine what rules the apps can "punch
>> >holes" into. There could be multiple such insertion points,
>> >corresponding to multiple local privilege levels.
>> one could do that, although I worry that this sounds fairly complex,
>> especially because it sounds like changes in SPD affect where
>> different rules apply.
>That's the nature of policies consisting of ordered rulesets.
This is not true for many access control models. We adopted the
ordered rule model because it was commonly employed in other
contexts, e.g., firewall filter rule, and because, with caching, it
works very well at layer 3.
Also, recall that the 4301 processing model uses caches and that
calls for the SPD to be de-correlated, which implies no ordering. So,
although it still makes sense to offer an interface for an ordered
SPD to a human user to administer, if we talk about making changes to
an SPD dynamically, from an app, we are assuming that the correlated
SPD is used as the reference, and then we have to de-correlate it,
see what impact that has on extant SPD cache and SAD entries, etc.
More information about the ANONSEC