[Cisspstudy] cisspstudy Digest, Vol 12, Issue 17

Nimal Gunarathna ng949 at yahoo.com
Wed Jun 17 23:02:15 EDT 2009 

CISSP All in One - Shon Harris V4 - Page 360
 
Orange Book:
 
B2 - Structured protection= security policy, must not allow cover channels, no trap door exists
B3 - Security Domains = Highly secure environment, small reference monitor, sec admin role clear

--- On Wed, 6/17/09, cisspstudy-request at cccure.org <cisspstudy-request at cccure.org> wrote:


From: cisspstudy-request at cccure.org <cisspstudy-request at cccure.org>
Subject: cisspstudy Digest, Vol 12, Issue 17
To: cisspstudy at cccure.org
Date: Wednesday, June 17, 2009, 7:46 PM


Send cisspstudy mailing list submissions to
    cisspstudy at cccure.org

To subscribe or unsubscribe via the World Wide Web, visit
    http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
or, via email, send a message with subject or body 'help' to
    cisspstudy-request at cccure.org

You can reach the person managing the list at
    cisspstudy-owner at cccure.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of cisspstudy digest..."


Today's Topics:

   1. Re: Here's another one ... (Holland, Brandon)
   2. Re: cisspstudy Digest, Vol 12, Issue 16 (An.Dang at do.treas.gov)
   3. Re: Would this fool you? (Sergio Pantoja)


----------------------------------------------------------------------

Message: 1
Date: Wed, 17 Jun 2009 14:50:16 -0500
From: "Holland, Brandon" <hollandb at frmaint.com>
Subject: Re: [Cisspstudy] Here's another one ...
To: "The CISSP Study Mailing list" <cisspstudy at cccure.org>
Message-ID:
    <B5E0B4818A669C49A9C22199D9C389F8118AC6AB at MAIL.frmaint.com>
Content-Type: text/plain;    charset="us-ascii"

I was about to say... wikipedia says B3 introduces timing...  I would've
gotten it wrong... thanks for sharing and I'll add that to what to
remember for the B3 channel...

-----Original Message-----
From: cisspstudy-bounces at cccure.org
[mailto:cisspstudy-bounces at cccure.org] On Behalf Of Belinda Foster
Sent: Wednesday, June 17, 2009 2:46 PM
To: The CISSP Study Mailing list
Subject: Re: [Cisspstudy] Here's another one ...

You are half right.....for both storage and timing, that's at B3 (where
timing is introduced).


On Wed, Jun 17, 2009 at 3:43 PM, Lamey, Phillip <phillip.lamey at cgi.com>
wrote:


    

     

    I thought Cover Channel Analysis was addressed at TCSEC level B2
... Am I missing something here?

     

    Phil Lamey, P.Eng.

    CGI Senior Consultant

    (506) 458-5020 ext. 5121

     


    _______________________________________________
    cisspstudy mailing list
    cisspstudy at cccure.org
    http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
    
    





------------------------------

Message: 2
Date: Wed, 17 Jun 2009 16:01:04 -0400
From: An.Dang at do.treas.gov
Subject: Re: [Cisspstudy] cisspstudy Digest, Vol 12, Issue 16
To: cisspstudy at cccure.org
Message-ID:
    <AE177CAE7814224ABE82FF33FC89523304DE8F3F at D01EXC2P.do.treas.gov>
Content-Type: text/plain; charset=us-ascii

The CBK says B3 (or above) is data layering or hiding

-----Original Message-----
From: cisspstudy-bounces at cccure.org
[mailto:cisspstudy-bounces at cccure.org] On Behalf Of
cisspstudy-request at cccure.org
Sent: Wednesday, June 17, 2009 3:47 PM
To: cisspstudy at cccure.org
Subject: cisspstudy Digest, Vol 12, Issue 16

Send cisspstudy mailing list submissions to
    cisspstudy at cccure.org

To subscribe or unsubscribe via the World Wide Web, visit
    http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
or, via email, send a message with subject or body 'help' to
    cisspstudy-request at cccure.org

You can reach the person managing the list at
    cisspstudy-owner at cccure.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of cisspstudy digest..."


Today's Topics:

   1. Re: Here's another one ... (Belinda Foster)


----------------------------------------------------------------------

Message: 1
Date: Wed, 17 Jun 2009 15:46:27 -0400
From: Belinda Foster <belinda.foster at gmail.com>
Subject: Re: [Cisspstudy] Here's another one ...
To: The CISSP Study Mailing list <cisspstudy at cccure.org>
Message-ID:
    <f19cf76b0906171246h3d1d2472l3ea57e045df64492 at mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"

You are half right.....for both storage and timing, that's at B3 (where
timing is introduced).

On Wed, Jun 17, 2009 at 3:43 PM, Lamey, Phillip
<phillip.lamey at cgi.com>wrote:

>
>
> I thought Cover Channel Analysis was addressed at TCSEC level B2 ? Am
I
> missing something here?
>
>
>
> Phil Lamey, P.Eng.
>
> *CGI Senior Consultant*
>
> *(506) 458-5020 ext. 5121*
>
>
>
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090617/
f41158aa/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 22504 bytes
Desc: not available
URL:
<http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090617/
f41158aa/attachment.png>

------------------------------

_______________________________________________
cisspstudy mailing list
cisspstudy at cccure.org
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org


End of cisspstudy Digest, Vol 12, Issue 16
******************************************



------------------------------

Message: 3
Date: Wed, 17 Jun 2009 20:46:29 -0400
From: Sergio Pantoja <spantoja at gmail.com>
Subject: Re: [Cisspstudy] Would this fool you?
To: The CISSP Study Mailing list <cisspstudy at cccure.org>
Message-ID:
    <c3227e2d0906171746p69a494eaob9de4705ee3b06ed at mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"

IIRC TCSEC is about OS,App and Systems and not only OS.

On Wed, Jun 17, 2009 at 3:38 PM, Lamey, Phillip <phillip.lamey at cgi.com>wrote:

>
>
> I thought that TCSEC was only concerned with the mechanisms implemented
> within an OS ? and since the TCB originated from TCSEC ? I got fooled.
>
>
>
> Would it have fooled you?
>
>
>
> I write next week ? I am stressing J
>
>
>
> Phil Lamey, P.Eng.
>
> *CGI Senior Consultant*
>
> *(506) 458-5020 ext. 5121*
>
>
>
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
>


-- 
Sergio Pantoja H.
spantoja at gmail.com
System, Network and Security Administrator
Linux User register #239475
Mandrake Club Member
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090617/82545786/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 32801 bytes
Desc: not available
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090617/82545786/attachment.png>

------------------------------

_______________________________________________
cisspstudy mailing list
cisspstudy at cccure.org
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org


End of cisspstudy Digest, Vol 12, Issue 17
******************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090617/4d6de3e0/attachment.html>

More information about the cisspstudy mailing list