Re: security, permission models

We are just beginning to work with labeled documents which is really what MCS is. A couple of use cases would be to label a file as CompanyConfidential and then make the mailer systems smart enough to only mail CompanyConfidential files to internal mail addresses/list. IE Prevent accidental leakage of confidential material. Similarly MLS requires labeled printing. This feature is being added to cups to allow the printing of Headers and Footers with CompanyConfidential or PatientRecord. As an added feature, the printers will be labeled. Use case would be someone printing a PatientRecord and the default printer was at receptionist desk, the print job would not be allowed, but if they chose the Lab Printer it would work. Finally for your last example of labeling a document Family. We would like to eventually add some SELinux/Labeled Document awareness to applications like Apache, Samba even ftp, so you could start to look at the labeled Network of the connecting process, and then allow access based on the access capabilities of the connecting process. Admittedly this is away off, but the we have the building blocks in place with SELinux Labels to do this now.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]