<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7226.0">
<TITLE>security review of Performance spec</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2 FACE="Arial">I've looked at the Performance spec from a security point of view and have the following comments/questions:</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">Have the real-time performance changes been tested on a system using an LSM such as SELinux? It is important that LSM security support not have to be traded off with performance (requirements or minimums), since the sacrifice of either would be undesirable. That is not to say that using an LSM will have no performance impact but rather that the performance requirements/minimums should not be so strict as to preclude the use of a reasonable and well-written LSM.</FONT></P>
<P><FONT SIZE=2 FACE="Arial">PRF.33.5 Prioritized protocol processing:</FONT>
<UL>
<P><FONT SIZE=2 FACE="Arial">The requirement should include security-related "guarantees" that this mechanism will not be abusable by a user process to starve more critical processes of network packets.</FONT></P>
</UL>
<P><FONT SIZE=2 FACE="Arial">PRF.8.0 Page flushing:</FONT>
<BR> <FONT SIZE=2 FACE="Arial">The description states that this "may have security implications". If so (I wasn't able to determine any by reading on fsync()) then these should be explicitly stated or, better yet, mitigated.</FONT></P>
<P><FONT SIZE=2 FACE="Arial">Joseph Cihula</FONT>
<BR><FONT SIZE=2 FACE="Arial">(Linux) Software Security Architect</FONT>
<BR><FONT SIZE=2 FACE="Arial">Intel Corp.</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">*** These opinions are not necessarily those of my employer ***</FONT>
</P>
</BODY>
</HTML>