Using Security Labels › Verifying User Access to An Object
Verifying User Access to An Object
After a user has successfully logged onto the system, their security label becomes attached to their address space. When the user tries to access an object, CA Top Secret performs two checks: a MAC check and a DAC check. The MAC check compares the user's label with the object's label to establish the label dominance relationship. The DAC check determines if a rule exists that permits the user to access the object and what type of access is permitted. If MAC permits the access, DAC is performed. If the MAC check fails, no DAC check is performed.
Access is granted according to the following criteria:
- If the user requesting the access is trusted or has bypass attributes in their acid, MAC checking is bypassed but logged by CA Top Secret, if the MLS mode is WARN, or FAIL.
- If the MLS mode is DORM, MAC checking is bypassed without logging; only DAC checking is performed.
The following applies if write-down is not restricted:
- If a user requests READ, EXECUTE, or CREATE access, CA Top Secret checks to see if the security label of the user dominates the security label of the object. If MAC permits the access, DAC checking is performed to ultimately allow or deny the access.
- If the user requests WRITE access, CA Top Secret checks to see if the security label of the user dominates the security label of the object or the security label of the object dominates the security label of the user, for example, the labels must not be disjoint. If MAC permits the access, DAC checking is performed to ultimately allow or deny the access.
- If a user requests ALL, UPDATE or SCRATCH access, CA Top Secret checks to see if the security label of the user dominates the security label of the object. If MAC permits the access, DAC checking is performed to ultimately allow or deny the access.
The following applies if write-down is restricted:
- If a user requests READ, EXECUTE or CREATE access, CA Top Secret checks to see if the security label of the user dominates the security label of the object. If MAC permits the access, DAC checking is performed to ultimately allow or deny the access.
- If a user requests UPDATE or SCRATCH access, CA Top Secret checks to see if the security label of the user is equivalent to the security label of the object. If MAC permits the access, DAC checking is performed to ultimately allow or deny the access.
- If the user requests WRITE access, CA Top Secret checks to see if the security label of the object dominates the security label of the user. If MAC permits the access, DAC checking is performed to ultimately allow or deny the access.
- If a user requests ALL access, CA Top Secret checks to see if the security label of the user is equivalent to the security label of the object. If MAC permits the access, DAC checking is performed to ultimately allow or deny the access.
Copyright © 2010 CA Technologies.
All rights reserved.
|
|