> From: dOE [mailto:doep...@gmail.com] 
> Subject: Re: Security issues sending broadcast traffic.
> 
> It is generally safer for a higher security zone to have 
> read\write access to a lower security zone.  It would be 
> more of a risk for the lower zone to be able to read\write
> to the higher zone.

Not correct (speaking from experience of getting a B1 rating for our 
proprietary OS).

We're talking about sending messages here, not direct reads or writes.  
Whenever a higher security component sends a message to a lower security one, 
there is the risk that the higher security component might be including 
information classified at that higher security level that should not be visible 
to any lower security components.  Any higher security entity must be 
evaluated and trusted before it can be allowed to participate in such potential 
declassification.  (E.g., an authentication provider has to be validated not to 
disclose the passwords it has access to.)

A lower security component may always send a message to a higher security one, 
and a higher security one may always read messages from lower security 
components.

> The application in the higher zone sends a multi-cast 
> broadcast to nodes in its broadcast domain to indicate
> "changes" (whatever it may be).

Doesn't sound like much of a declassification risk, as long as you trust the 
higher zone application not to accidentally broadcast information it is privy 
to (e.g., junk left over in transmission buffers or reused character/byte 
arrays).

 - Chuck
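
The buffer-reuse risk mentioned in the reply above, shown as an added example that is not part of the original message or of Tomcat's code: a sender that reuses one byte array leaks leftovers from an earlier message, while the hardened version sends only the bytes it wrote and clears the array. The class, method names and message strings are hypothetical and constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added example; all names and sample strings are hypothetical/constructed.
public class BroadcastBufferDemo {
    // One scratch buffer reused for every outgoing message, as a pooled sender might do.
    private static final byte[] SCRATCH = new byte[64];

    // Leaky: copies the message into the reused buffer and returns the whole
    // fixed-size buffer, so bytes from an earlier, longer message ride along.
    static byte[] buildLeaky(String msg) {
        byte[] body = msg.getBytes(StandardCharsets.UTF_8);
        System.arraycopy(body, 0, SCRATCH, 0, body.length);
        return SCRATCH.clone();
    }

    // Hardened: the payload is exactly the message length, and the scratch
    // buffer is zeroed afterwards so nothing survives to the next call.
    static byte[] buildClean(String msg) {
        byte[] body = msg.getBytes(StandardCharsets.UTF_8);
        if (body.length > SCRATCH.length) {
            throw new IllegalArgumentException("message too long");
        }
        System.arraycopy(body, 0, SCRATCH, 0, body.length);
        try {
            return Arrays.copyOf(SCRATCH, body.length);
        } finally {
            Arrays.fill(SCRATCH, (byte) 0);
        }
    }

    // True if the payload bytes contain the given ASCII marker.
    static boolean contains(byte[] payload, String needle) {
        return new String(payload, StandardCharsets.ISO_8859_1).contains(needle);
    }

    public static void main(String[] args) {
        String internal = "user=alice;secret=CONSTRUCTED-SECRET"; // constructed high-zone data
        String notice = "changed:config";                          // constructed broadcast notice

        buildLeaky(internal);               // earlier high-zone use of the buffer
        byte[] leaky = buildLeaky(notice);  // broadcast built in the same buffer
        System.out.println("leaky carries secret: " + contains(leaky, "CONSTRUCTED-SECRET"));

        buildClean(internal);
        byte[] clean = buildClean(notice);
        System.out.println("clean carries secret: " + contains(clean, "CONSTRUCTED-SECRET"));
        System.out.println("clean length: " + clean.length);
    }
}
```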

