[Cisspstudy] Bell-Lapadula?

Clement Dupuis clement.dupuis at cccure.com
Fri Sep 4 14:36:28 EDT 2009 

Bell Lapadula does address flow control.

It will not allow the information to flow in a way that would compromise
Confidentiality such as allowed a Secret document to be written into a
confidential container for example.  BLP has to be combined with the flow
model and the state model to achieve something useful in real life

Take care

Clement

Clément Dupuis, CD
CISSP, GCFW, GCIA, Security+, CEH, ECSA, LPT, CCSA, CCSE, MBNS, MBIS, MBHS,
 ACE
----------------------------------------------------------------------------------------------
In real life:
Senior Security Specialist and Instructor
Security University
>>  Call me to get the best CISSP training  <<
----------------------------------------------------------------------------------------------
In Cyberspace:
President/Security Evangelist/Chief Learning Officer (CLO)
The CCCure Family of Portals
----------------------------------------------------------------------------------------------
Business:  407 479 3903
Fax:          407 264 8396

Maintainer of :
The CISSP and SSCP Open Study Guides Web Site
http://www.cccure.org

The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org

Knowledge sharing and giving back to the community


On Fri, Sep 4, 2009 at 14:27, <An.Dang at do.treas.gov> wrote:

> A) is very tempting as well ... or you can argue out of it because the word
> "control" ... involves with label.
>
> My review seminar instructor also gave the answer to a question for
> "certification" as "a set of technical ... by technical staff" while the CBK
> CD gave a different answer as well.
>
>
> ----- Original Message -----
> From: cisspstudy-bounces at cccure.org <cisspstudy-bounces at cccure.org>
> To: cisspstudy at cccure.org <cisspstudy at cccure.org>
> Sent: Fri Sep 04 12:00:01 2009
> Subject: cisspstudy Digest, Vol 15, Issue 7
>
> Send cisspstudy mailing list submissions to
>        cisspstudy at cccure.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> or, via email, send a message with subject or body 'help' to
>        cisspstudy-request at cccure.org
>
> You can reach the person managing the list at
>        cisspstudy-owner at cccure.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of cisspstudy digest..."
>
>
> Today's Topics:
>
>   1. Bell-LaPadula Question?
>      (Dallas, Michael J Civ USAF USAFE 100 CS/SCQ)
>   2. Re: Bell-LaPadula Question? (Clement Dupuis)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 4 Sep 2009 14:32:07 +0100
> From: "Dallas, Michael J Civ USAF USAFE 100 CS/SCQ"
>        <mike.dallas at mildenhall.af.mil>
> To: "'cisspstudy at cccure.org'" <cisspstudy at cccure.org>
> Subject: [Cisspstudy] Bell-LaPadula Question?
> Message-ID:
>        <200909041321.n84DLgKl036775 at mset-fwl-002.lakenheath.af.mil>
> Content-Type: text/plain; charset="us-ascii"
>
> I received this question in a practice exam provided by a recent ISC2 CBK
> review seminar.  I was told the correct answer is C, however I don't agree
> with it as need-to-know would be an important factor with this model.  What
> do you all think? My guess on this was D.
> 24.  What is one issue NOT addressed by the Bell-LaPadula model?
>            (A)  Information flow control
>            (B)  Security levels
>            (C)  Need to Know
>            (D)  Access modes
>
> Thanks,
> Mike
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090904/0af558f6/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 2
> Date: Fri, 4 Sep 2009 11:56:52 -0400
> From: Clement Dupuis <clement.dupuis at cccure.com>
> To: The CISSP Study Mailing list <cisspstudy at cccure.org>
> Subject: Re: [Cisspstudy] Bell-LaPadula Question?
> Message-ID:
>        <959788640909040856y707aa912qad05febc04e63f50 at mail.gmail.com>
> Content-Type: text/plain; charset="windows-1252"
>
> The need to know is address by the use of labels.
>
> Bell Lapadula was built to secure multilevel secure database.  They were
> under Mandatory Access control.
>
> The labels contain a security clearance (sensitivity) and also categories.
> The categories enforces the need to know.
>
> So it is definitively wrong
>
> Take care
>
> Clement
>
> Cl?ment Dupuis, CD
> CISSP, GCFW, GCIA, Security+, CEH, ECSA, LPT, CCSA, CCSE, MBNS, MBIS, MBHS,
>  ACE
>
> ----------------------------------------------------------------------------------------------
> In real life:
> Senior Security Specialist and Instructor
> Security University
> >>  Call me to get the best CISSP training  <<
>
> ----------------------------------------------------------------------------------------------
> In Cyberspace:
> President/Security Evangelist/Chief Learning Officer (CLO)
> The CCCure Family of Portals
>
> ----------------------------------------------------------------------------------------------
> Business:  407 479 3903
> Fax:          407 264 8396
>
> Maintainer of :
> The CISSP and SSCP Open Study Guides Web Site
> http://www.cccure.org
>
> The Professional Security Testers Warehouse
> http://www.professionalsecuritytesters.org
>
> Knowledge sharing and giving back to the community
>
>
> On Fri, Sep 4, 2009 at 09:32, Dallas, Michael J Civ USAF USAFE 100 CS/SCQ <
> mike.dallas at mildenhall.af.mil> wrote:
>
> >  I received this question in a practice exam provided by a recent ISC2
> CBK
> > review seminar.  I was told the correct answer is C, however I don?t
> agree
> > with it as need-to-know would be an important factor with this model.
>  What
> > do you all think? My guess on this was D.
> >
> > 24.  What is one issue NOT addressed by the Bell-LaPadula model?
> >
> >             (A)  Information flow control
> >
> >             (B)  Security levels
> >
> >             (C)  Need to Know
> >
> >             (D)  Access modes
> >
> >
> >
> > Thanks,
> >
> > Mike
> >
> > _______________________________________________
> > cisspstudy mailing list
> > cisspstudy at cccure.org
> > http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> >
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090904/99e6f2f7/attachment-0001.html
> >
>
> ------------------------------
>
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
>
> End of cisspstudy Digest, Vol 15, Issue 7
> *****************************************
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090904/00085998/attachment.html>

More information about the cisspstudy mailing list