[Cisspstudy] cisspstudy Digest, Vol 12, Issue 58

Nimal Gunarathna ng949 at yahoo.com
Sun Jun 28 12:32:41 EDT 2009


We cannot argue with ISC2 as to how they make questions, but rather mark the best possible answer during the exam. The answer to this question is the Noninterference Model.
 
This model states that activities performed at one security level should not be seen by, or affect, subjects at a different security level.
 
Nimal

--- On Sun, 6/28/09, cisspstudy-request at cccure.org <cisspstudy-request at cccure.org> wrote:


From: cisspstudy-request at cccure.org <cisspstudy-request at cccure.org>
Subject: cisspstudy Digest, Vol 12, Issue 58
To: cisspstudy at cccure.org
Date: Sunday, June 28, 2009, 11:00 AM



Today's Topics:

   1. Re: Security Models (Ashraf Amin)
   2. Re: Security Models (Belinda Foster)
   3. Re: Security Models (Ashraf Amin)


----------------------------------------------------------------------

Message: 1
Date: Sun, 28 Jun 2009 04:56:39 +0000
From: Ashraf Amin <ashraf_amin01 at hotmail.com>
Subject: Re: [Cisspstudy] Security Models
To: <cisspstudy at cccure.org>
Message-ID: <BAY133-W11B377CC12320A6BE6722B95330 at phx.gbl>
Content-Type: text/plain; charset="iso-8859-1"



Noninterference

---
Best Regards,
Ashraf Amin

Date: Fri, 26 Jun 2009 08:21:29 -0400
From: belinda.foster at gmail.com
To: cisspstudy at cccure.org
Subject: Re: [Cisspstudy] Security Models


Nimal --

Don should not be developing/working on code that's in production.  Period.  If I had to decide on a certain security model, I'd fail this question for sure because him working on code that staff members are affected by is a MAJOR distractor within this paragraph.

Belinda.


On Thu, Jun 25, 2009 at 5:10 PM, Nimal Gunarathna <ng949 at yahoo.com> wrote:

Hi,

This question is from Shon H's CISSP V4 Quiz Engine. I immediately thought that this falls into a certain security model based on a key statement here but I was wrong. Anyway you guys could dissect this ...

Don is a senior manager of an architectural firm. He has just found out that a key contract was renewed, allowing the company to continue developing an operating system that was idle for several months. Excited to get started, Don begins work in the operating system privately, but cannot tell his staff until the news is announced publicly in a few days. However, as Don begins making changes in the software, various staff members notice changes in their connected systems, even though they work in a lower-security level. What kind of model could be used to ensure this does not happen?

------------------------------

Message: 2
Date: Sun, 28 Jun 2009 06:34:16 -0400
From: Belinda Foster <belinda.foster at gmail.com>
Subject: Re: [Cisspstudy] Security Models
To: The CISSP Study Mailing list <cisspstudy at cccure.org>
Message-ID:
    <f19cf76b0906280334i77f6aa50rc365e62e607a9a54 at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Ashraf and Nicolas --

I am totally lost........Would the Noninterference Model allow Don to work
on the same production code that the staff is currently using, and the staff
wouldn't be affected by his changes?

Please help me understand.

Thanks,


------------------------------

Message: 3
Date: Sun, 28 Jun 2009 10:46:57 +0000
From: Ashraf Amin <ashraf_amin01 at hotmail.com>
Subject: Re: [Cisspstudy] Security Models
To: <cisspstudy at cccure.org>
Message-ID: <BAY133-W13680CCFCC0DC592F8639F95330 at phx.gbl>
Content-Type: text/plain; charset="windows-1252"





Shon Harris, Fourth Edition page 345
"Let's say that Tom and Kathy are both working on a multilevel mainframe at the
same time. Tom has the security clearance of secret and Kathy has the security clearance
of top secret. Since this is a central mainframe, the terminal Tom is working at has the
context of secret, and Kathy is working at her own terminal, which has a context of top
secret. This model states that nothing Kathy does at her terminal should directly or indirectly
affect Tom's domain (available resources and working environment). So whatever
commands she executes or whichever resources she interacts with should not affect
Tom's experience of working with the mainframe in any way."



HTP :)

Best Regards,

Ashraf Amin
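
Added example, not part of the thread or of the quoted Harris text: the property in the passage above can be tested with the usual purge-based formulation of noninterference, where the low user's view after a full sequence of actions must equal the view after the same sequence with all high-level actions removed. The two toy system designs, the state layout and every function name below are constructed for illustration.

```python
from itertools import product

# Constructed toy model: two users share one machine (names follow the quoted passage).
LEVEL = {"kathy": "top_secret", "tom": "secret"}
ACTIONS = [("kathy", "write"), ("tom", "write"), ("kathy", "read"), ("tom", "read")]

def leaky_step(state, user, op):
    """Shared design: every write bumps one global buffer that all users see."""
    if op == "write":
        state = dict(state, shared=state["shared"] + 1)
    return state

def leaky_view(state, user):
    return state["shared"]

def isolated_step(state, user, op):
    """Partitioned design: a write only touches the writer's own level."""
    if op == "write":
        state = dict(state, **{LEVEL[user]: state[LEVEL[user]] + 1})
    return state

def isolated_view(state, user):
    return state[LEVEL[user]]

def run(step, state, trace):
    for user, op in trace:
        state = step(state, user, op)
    return state

def purge(trace, high="top_secret"):
    """Drop every action issued at the high level."""
    return [(u, op) for u, op in trace if LEVEL[u] != high]

def find_interference(step, view, init, low_user="tom", max_len=3):
    """Return the first trace whose low view changes once high actions are purged, else None."""
    for n in range(1, max_len + 1):
        for trace in product(ACTIONS, repeat=n):
            full = view(run(step, init, trace), low_user)
            low_only = view(run(step, init, purge(trace)), low_user)
            if full != low_only:
                return list(trace)
    return None

INIT = {"shared": 0, "secret": 0, "top_secret": 0}

if __name__ == "__main__":
    print("shared design:", find_interference(leaky_step, leaky_view, INIT))
    print("partitioned design:", find_interference(isolated_step, isolated_view, INIT))
```

The search is bounded by `max_len`, so a `None` result means no interference was found within that bound, not a proof for all traces.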














