GKN@SDSC.BITNET (Gerard K. Newman) (08/28/86)
From: Ronald A. Jarrell <JARRELLRA%VTMATH.BITNET@WISCVM.WISC.EDU>
Date: Wed, 27-AUG-1986 13:44 EDT
Anyone have any idea what dec was/is planning for the
upgrade/downgrade priv pair?
They are indeed involved in non-discretionary security -- the hooks are all
in place inside of VMS to allow non-discretionary security for objects. The
SYSGEN parameter CLASS_PROT turns it on and off. As it turns out, there's
a field in the UAF which describes the classification levels a user is
allowed to operate at, and many objects (among them files and devices) have
a classification level associated with them.
The scheme uses the confinement property to protect the integrity of data.
Using it does cost you in terms of performance somewhat. It's unclear if
DEC intends to market a layered product which exploits this feature (to use
it effectivly you have to write some code) or if future versions of VMS will
have such software by default.
gkn
---------------------------------------
Arpa: GKN%SDSC.BITNET@WISCVM.WISC.EDU
USPS: Gerard K. Newman
San Diego Supercomputer Center
P.O. Box 85608
San Diego, CA 92138
AT&T: 619.534.5076