GKN@SDSC.BITNET (Gerard K. Newman) (08/28/86)
From: Ronald A. Jarrell <JARRELLRA%VTMATH.BITNET@WISCVM.WISC.EDU> Date: Wed, 27-AUG-1986 13:44 EDT Anyone have any idea what dec was/is planning for the upgrade/downgrade priv pair? They are indeed involved in non-discretionary security -- the hooks are all in place inside of VMS to allow non-discretionary security for objects. The SYSGEN parameter CLASS_PROT turns it on and off. As it turns out, there's a field in the UAF which describes the classification levels a user is allowed to operate at, and many objects (among them files and devices) have a classification level associated with them. The scheme uses the confinement property to protect the integrity of data. Using it does cost you in terms of performance somewhat. It's unclear if DEC intends to market a layered product which exploits this feature (to use it effectivly you have to write some code) or if future versions of VMS will have such software by default. gkn --------------------------------------- Arpa: GKN%SDSC.BITNET@WISCVM.WISC.EDU USPS: Gerard K. Newman San Diego Supercomputer Center P.O. Box 85608 San Diego, CA 92138 AT&T: 619.534.5076