Re: [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)

Shawn Campbell <scampbell@assureddecisions.com> Fri, 03 April 2009 16:38 UTC

Return-Path: <scampbell@assureddecisions.com>
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8CAD328C123; Fri, 3 Apr 2009 09:38:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sh0tueG6vo3M; Fri, 3 Apr 2009 09:38:51 -0700 (PDT)
Received: from smtp1.netvigour.com (smtp1.netvigour.com [144.202.247.31]) by core3.amsl.com (Postfix) with ESMTP id 82C3A3A6358; Fri, 3 Apr 2009 09:38:51 -0700 (PDT)
Received: from E2K7CCR1.netvigour.com ([10.201.10.17]) by mail10.netvigour.com ([10.201.10.15]) with mapi; Fri, 3 Apr 2009 12:36:16 -0400
From: Shawn Campbell <scampbell@assureddecisions.com>
To: Santosh Chokhani <SChokhani@cygnacom.com>, "saag@ietf.org" <saag@ietf.org>
Date: Fri, 3 Apr 2009 12:34:20 -0400
Thread-Topic: [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)
Thread-Index: AcmzqyjnktCJdE01TAayDuJGh7ueugAvoXswAAQW6lE=
Message-ID: <1429AAAB538ACD47902CFCA6954C566B16F22910@E2K7CCR1.netvigour.com>
References: <20090402154402.GM1500@Sun.COM>, <FAD1CF17F2A45B43ADE04E140BA83D48A9FF82@scygexch1.cygnacom.com>
In-Reply-To: <FAD1CF17F2A45B43ADE04E140BA83D48A9FF82@scygexch1.cygnacom.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "labeled-nfs@linux-nfs.org" <labeled-nfs@linux-nfs.org>, "selinux@tycho.nsa.gov" <selinux@tycho.nsa.gov>, "nfsv4@ietf.org" <nfsv4@ietf.org>, "nfs-discuss@opensolaris.org" <nfs-discuss@opensolaris.org>
Subject: Re: [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2009 16:38:52 -0000

Similar activity with SILS 802.10 work involved SDE security labels.  Though that has been disbanded, some of that may be a help in this area.

________________________________________
From: saag-bounces@ietf.org [saag-bounces@ietf.org] On Behalf Of Santosh Chokhani [SChokhani@cygnacom.com]
Sent: Friday, April 03, 2009 11:22 AM
To: saag@ietf.org
Cc: labeled-nfs@linux-nfs.org; nfs-discuss@opensolaris.org; nfsv4@ietf.org; selinux@tycho.nsa.gov
Subject: Re: [saag] Common labeled security (comment on CALIPSO,        labeled NFSv4)

As part of MISSI and DMS, in mid to late 90's we did work on something
called Security Policy Information File (SPIF).

At high level SPIF entailed the following:

1.  It was ASN.1 based.
2.  It permitted you to convert the machine representation to human
readable representation.
3.  It permitted you to convert the human readable input to machine
representation.
4.  It mapped labels (hierarchical sensitivity levels and
non-hierarchical categories) from one labeling policy to another (i.e.,
establish equivalency mapping)
5.  It allowed you to constrain labels since for some policies,
existence of a category may mean some categories, levels, may be
included and/or excluded.

Different labeling policies were indicated by different policy OID.

Some of the concept from that work may be applicable here.

> -----Original Message-----
> From: saag-bounces@ietf.org [mailto:saag-bounces@ietf.org] On
> Behalf Of Nicolas Williams
> Sent: Thursday, April 02, 2009 11:44 AM
> To: saag@ietf.org
> Cc: labeled-nfs@linux-nfs.org; selinux@tycho.nsa.gov;
> nfsv4@ietf.org; nfs-discuss@opensolaris.org
> Subject: [saag] Common labeled security (comment on CALIPSO,
> labeled NFSv4)
>
> Over at the NFSv4 WG we've been having a discussion of a
> labeled NFSv4 proposal.  [Note: NFSv4 WG and others cc'ed,
> Reply-To: set to SAAG.]
>
> An interop issue has arisen that we believe applies equally
> to CALIPSO (draft-stjohns-sipso-11.txt)and requires input
> from the IETF security area.
>
> The issue is: how do do nodes in a labeled
> network/application know if they agree on a common labeled
> security policy for a given DOI?
>
> Agreeing on a DOI is accomplished easily enough -- that's not
> an issue.
> Agreeing on what a given numeric sensitivity level or
> compartment bit means in a given DOI is quite another.
> Without a solution to this we're left with out-of-band
> agreement, which leaves interop in a lurch.
>
> I think we need a generic MLS and DTE labeled security policy
> document format that allows a DOI to define the names and
> numeric assignments of sensitivity levels, compartments, etcetera.
>
> We also need a way for nodes to agree that they have the same
> policy for a given DOI, or that they agree on a common subset
> of a DOI's policy.
>
> This last problem can be solved by use of a labeled security
> policy URI scheme that includes a version number (+ a
> requirement that changes be in the form of additions and
> obsolescence of old assignments, but not removals).
>
> To recap: I think we need a) a common MLS and DTE labeled
> security policy document format, b) a labeled security policy
> URI scheme to refer to such documents by.
>
> Given (a) and (b) NFSv4.x clients and servers would only have
> to exchange {DOI #, policy URI} tuples to determine whether
> they agree on a common policy.
>
> Note that CALIPSO describes how to encode and compare MLS
> labels on the wire, but it does not describe how nodes agree
> on the meaning of particular sensitivity levels or
> compartments.  Therefore CALIPSO is going to have much the
> same problem as NFSv4.
>
> Nico
> --
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
>
_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag