[Cisspstudy] Security Models

Ashraf Amin ashraf_amin01 at hotmail.com
Sun Jun 28 06:46:57 EDT 2009 



 
Shon Harris, Fourth Edition page 345
" Let’s say that Tom and Kathy are both working on a multilevel mainframe at the
same time. Tom has the security clearance of secret and Kathy has the security clearance
of top secret. Since this is a central mainframe, the terminal Tom is working at has the
context of secret, and Kathy is working at her own terminal, which has a context of top
secret. This model states that nothing Kathy does at her terminal should directly or indirectly
affect Tom’s domain (available resources and working environment). So whatever
commands she executes or whichever resources she interacts with should not affect
Tom’s experience of working with the mainframe in any way."

 

HTP :)

Besr Regards,

Ashraf Amin



 







 



Date: Sun, 28 Jun 2009 06:34:16 -0400
From: belinda.foster at gmail.com
To: cisspstudy at cccure.org
Subject: Re: [Cisspstudy] Security Models


Ashraf and Nicolas --
 
I am totally lost........Would the Noninterference Model allow Don to work on the same production code that the staff is currently using, and the staff wouldn't be affected by his changes?
 
Please help me understand.
 
Thanks,


On Sun, Jun 28, 2009 at 12:56 AM, Ashraf Amin <ashraf_amin01 at hotmail.com> wrote:




Noninterference

---
Best Regards,
Ashraf Amin


 







  


Date: Fri, 26 Jun 2009 08:21:29 -0400
From: belinda.foster at gmail.com
To: cisspstudy at cccure.org
Subject: Re: [Cisspstudy] Security Models 





Nimal --
 
Don should not be developing/working on code that's in production.  Period.  If I had to decide on a certain security model, I'd fail this question for sure because him working on code that staff members are affected by is a MAJOR distractor within this paragraph.
 
Belinda.


On Thu, Jun 25, 2009 at 5:10 PM, Nimal Gunarathna <ng949 at yahoo.com> wrote:






Hi,
 
This question is from Shon H's CISSP V4 Quiz Engine. I immediatly thought that this fall
into a certain security model based on a key statement here but I was wrong. Anyway you guys could dissect this ... 
 
Don is a senior manager of an architectural firm. He has just found out that a key contract was renewed, allowing the company to continue developing an operating system that was idle for several months. Excited to get started, Don begins work in the operating system privately, but cannot tell his staff until the news is announced publicly in a few days. However, as Don begins making changes in the software, various staff members notice changes in their connected systems, even though they work in a lower-security level. What kind of model could be used to ensure this does not happen?
_______________________________________________
cisspstudy mailing list
cisspstudy at cccure.org
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org






Upgrade to Internet Explorer 8 Optimised for MSN. Download Now
_______________________________________________
cisspstudy mailing list
cisspstudy at cccure.org
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org



_________________________________________________________________
Share your photos with Windows Live Photos – Free.
http://clk.atdmt.com/UKM/go/134665338/direct/01/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090628/f38d71f9/attachment.html>

More information about the cisspstudy mailing list