Date: Thu, 24 Sep 1998 09:18:36 -0700
From: "George W. Dinolt" <George.W.Dinolt@lmco.com>
To: Robert Watson <robert+freebsd@cyrus.watson.org>
Cc: Brian Tao <taob@risc.org>, FREEBSD-CURRENT <freebsd-current@FreeBSD.ORG>
Subject: Re: Limit 'ps' to show only user's processes
Message-ID: <360A70DC.29BE32C5@lmco.com>
References: <Pine.BSF.3.96.980924094715.27219B-100000@fledge.watson.org>

Hi:

There was some work done in the 1970's and 1980's studying the kinds of things you are discussing in this thread. The work was known as 'covert channel' or 'information flow' analysis. Some of the work was done in the context of Multilevel Security although obviously the concepts apply to other systems as well.

The basic idea was that a "low" user should not be able to determine "high" information by analyzing system behavior visible to the low user. (In addition, there was the hope that one could prevent a high user from signaling information to a low user via manipulations of the system resources visible to low users.) (It should not be surprising that this sounds slightly convoluted.)

If you are interested in this area you might find the section on Information Flow Analysis in Morrie Gasser's book {\bf Building a Secure Computer System} interesting. It gives a high level introduction to the area and some pointers to other work.

Several of my colleagues and I have done covert channels analysis on systems. As you have pointed out, removing the channels entirely is often impossible and limiting the bandwidth to "reasonable" levels is difficult. The mechanisms needed to limit the bandwidth often interfere with other features the system is supposed to provide.

--
Regards,
George W. Dinolt

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message