[Cisspstudy] Security Models

Belinda Foster belinda.foster at gmail.com
Sun Jun 28 16:29:55 EDT 2009 

Ashraf --

Thanks for that snippet, and for pointing me to that page.  I went back and
re-read it (I didn't have anything highlighted on that page......so I either
didn't understand it, took it for granted, or ???).  This book is filled
with soooo much information, I probably need to read it 3-4 times to get it
all.

All clear now.

Many thanks,

On Sun, Jun 28, 2009 at 6:46 AM, Ashraf Amin <ashraf_amin01 at hotmail.com>wrote:

>
>
> Shon Harris, Fourth Edition page 345
>
> " Let’s say that Tom and Kathy are both working on a multilevel mainframe
> at the
>
> same time. Tom has the security clearance of secret and Kathy has the
> security clearance
>
> of top secret. Since this is a central mainframe, the terminal Tom is
> working at has the
>
> context of secret, and Kathy is working at her own terminal, which has a
> context of top
>
> secret. This model states that nothing Kathy does at her terminal should
> directly or indirectly
>
> affect Tom’s domain (available resources and working environment). So
> whatever
>
> commands she executes or whichever resources she interacts with should not
> affect
> Tom’s experience of working with the mainframe in any way."
>
> HTP :)
> Besr Regards,
> Ashraf Amin
>
>
>
>
>
>
>
>
>
>
>
>
> ------------------------------
> Date: Sun, 28 Jun 2009 06:34:16 -0400
>
> From: belinda.foster at gmail.com
> To: cisspstudy at cccure.org
> Subject: Re: [Cisspstudy] Security Models
>
> Ashraf and Nicolas --
>
> I am totally lost........Would the Noninterference Model allow Don to work
> on the same production code that the staff is currently using, and the staff
> wouldn't be affected by his changes?
>
> Please help me understand.
>
> Thanks,
>
> On Sun, Jun 28, 2009 at 12:56 AM, Ashraf Amin <ashraf_amin01 at hotmail.com>wrote:
>
>  Noninterference
>
> ---
> Best Regards,
> Ashraf Amin
>
>
>
>
>
>
>
>
>
>
>
> ------------------------------
> Date: Fri, 26 Jun 2009 08:21:29 -0400
> From: belinda.foster at gmail.com
> To: cisspstudy at cccure.org
> Subject: Re: [Cisspstudy] Security Models
>
>
> Nimal --
>
> Don should not be developing/working on code that's in production.
> Period.  If I had to decide on a certain security model, I'd fail this
> question for sure because him working on code that staff members are
> affected by is a MAJOR distractor within this paragraph.
>
> Belinda.
>
> On Thu, Jun 25, 2009 at 5:10 PM, Nimal Gunarathna <ng949 at yahoo.com> wrote:
>
>   Hi,
>
> This question is from Shon H's CISSP V4 Quiz Engine. I immediatly thought
> that this fall
> into a certain security model based on a key statement here but I was
> wrong. Anyway you guys could dissect this ...
>
> Don is a senior manager of an architectural firm. He has just found out
> that a key contract was renewed, allowing the company to continue developing
> an operating system that was idle for several months. Excited to get
> started, Don begins work in the operating system privately, but cannot tell
> his staff until the news is announced publicly in a few days. However, as
> Don begins making changes in the software, various staff members notice
> changes in their connected systems, even though they work in a
> lower-security level. What kind of model could be used to ensure this does
> not happen?
> <cisspstudy at cccure.org>
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
>
>
>  ------------------------------
> Upgrade to Internet Explorer 8 Optimised for MSN. Download Now<http://extras.uk.msn.com/internet-explorer-8/?ocid=T010MSN07A0716U>
>
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
>
>
> ------------------------------
> View your Twitter and Flickr updates from one place – Learn more!<http://clk.atdmt.com/UKM/go/137984870/direct/01/>
>
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090628/24f1042a/attachment.html>

More information about the cisspstudy mailing list