[Public Interpretations Database]

I-0053: Public Objects And DAC


NUMBER:               I-0053
STATUS:               Approved by CCEVS Management and Mailed to Public Mailing
                      List

TITLE:                Public Objects And DAC
APPROVAL POSTING:     [announce 0402]

EFFECTIVE:            1995-01-12

REQUIREMENT:          Discretionary Access Control
CRITERIA CLASSES:     C1, C2, B1, B2, B3, A1
DOCUMENT(S):          <None>
RELATED TO:
     I-0250           Public Objects And DAC (C1-CI-03-89)

STATEMENT:

The following interprets the entire Discretionary Access Control requirement.

An object for which the TCB unconditionally permits all subjects "read" access shall be considered a public object, provided that only the TCB or privileged subjects may create, delete, or modify the object. No discretionary access checks or auditing are required for "read" accesses to such objects. Attempts to create, delete, or modify such objects shall be considered security-relevant events, and, therefore, controlled and auditable. Objects that all subjects can read must be, implicitly, system low.

PROJECTED IMPACT:

Negligible impact anticipated.

SUPPORT:

This is a restatement of formal interpretation C1-CI-03-89 ([announce 0126], I-0250).

A few products have special objects that are intended for unrestricted read (or execute) access by all subjects (e.g., a public library, message of the day, time-of-day clock). These objects are either updated by the TCB as part of its execution or updated by system administrative actions. To qualify, they must also be a separate type of object, not just a few files in the file system. Requiring the usual type of DAC mechanism on such objects is not necessary and would not increase security.
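
The mediation rule in the STATEMENT and the separate-type condition in the SUPPORT text can be sketched as a small reference monitor. This is an added example, not part of the interpretation or of any evaluated product; the type names, the ACL format with a "*" entry, the numeric system-low level and the audit record layout are assumptions made for illustration.

```python
from dataclasses import dataclass, field

SYSTEM_LOW = 0
# Hypothetical object types the TCB treats as public; each is a separate type,
# not an ordinary file that happens to be world-readable.
PUBLIC_TYPES = {"motd", "clock", "public_library"}

@dataclass
class Subject:
    name: str
    privileged: bool = False

@dataclass
class Obj:
    name: str
    otype: str
    level: int = SYSTEM_LOW
    acl: dict = field(default_factory=dict)  # subject name or "*" -> set of modes

class ReferenceMonitor:
    def __init__(self):
        self.audit_log = []  # (subject, object, mode, granted)

    def is_public(self, obj):
        if obj.otype not in PUBLIC_TYPES:
            return False
        if obj.level != SYSTEM_LOW:
            raise ValueError(f"{obj.name}: public objects must be system low")
        return True

    def access(self, subj, obj, mode):
        if self.is_public(obj):
            if mode == "read":
                return True  # unconditional: no DAC check, no audit record
            # create/delete/modify: privileged subjects only, always audited
            granted = subj.privileged
        else:
            # Ordinary object: simplified ACL check standing in for the usual DAC
            allowed = obj.acl.get(subj.name, set()) | obj.acl.get("*", set())
            granted = mode in allowed
        self.audit_log.append((subj.name, obj.name, mode, granted))
        return granted

def demo():
    rm = ReferenceMonitor()
    alice, admin = Subject("alice"), Subject("admin", privileged=True)
    motd = Obj("motd", "motd")  # constructed sample objects
    notes = Obj("notes.txt", "file", acl={"*": {"read"}})  # world-readable, not public
    results = [rm.access(alice, motd, "read"), rm.access(alice, motd, "modify"),
               rm.access(admin, motd, "modify"), rm.access(alice, notes, "read")]
    return results, rm.audit_log
```

The world-readable file is still mediated and audited through the ordinary DAC path, while the read of the public object produces no audit record.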