[Cisspstudy] Bell-LaPadula Question?

J.E.G.A.N jaga4india at gmail.com
Sun Sep 6 00:36:09 EDT 2009 

Hi Clement,

 

    I got this from Shon Harris 4th Edition 

 

 “The Bell-LaPadula model focuses on ensuring that subjects are properly
authenticated-by having the necessary security clearance, need to know, and
formal access approval-before accessing an object”

 

This means need to know is one of the important factor for this model. Could
you please clarify this?

 

Thanks

Jegan

 

  _____  

From: cisspstudy-bounces at cccure.org [mailto:cisspstudy-bounces at cccure.org]
On Behalf Of Clement Dupuis
Sent: Friday, September 04, 2009 9:27 PM
To: The CISSP Study Mailing list
Subject: Re: [Cisspstudy] Bell-LaPadula Question?

 

The need to know is address by the use of labels.

Bell Lapadula was built to secure multilevel secure database.  They were
under Mandatory Access control.

The labels contain a security clearance (sensitivity) and also categories.
The categories enforces the need to know.

So it is definitively wrong

Take care

Clement

Clément Dupuis, CD
CISSP, GCFW, GCIA, Security+, CEH, ECSA, LPT, CCSA, CCSE, MBNS, MBIS, MBHS,
ACE
----------------------------------------------------------------------------
------------------
In real life:
Senior Security Specialist and Instructor
Security University
>>  Call me to get the best CISSP training  <<
----------------------------------------------------------------------------
------------------
In Cyberspace:
President/Security Evangelist/Chief Learning Officer (CLO)
The CCCure Family of Portals
----------------------------------------------------------------------------
------------------
Business:  407 479 3903
Fax:          407 264 8396 

Maintainer of :
The CISSP and SSCP Open Study Guides Web Site
http://www.cccure.org    

The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org   

Knowledge sharing and giving back to the community



On Fri, Sep 4, 2009 at 09:32, Dallas, Michael J Civ USAF USAFE 100 CS/SCQ
<mike.dallas at mildenhall.af.mil> wrote:

I received this question in a practice exam provided by a recent ISC2 CBK
review seminar.  I was told the correct answer is C, however I don’t agree
with it as need-to-know would be an important factor with this model.  What
do you all think? My guess on this was D.

24.  What is one issue NOT addressed by the Bell-LaPadula model?

            (A)  Information flow control

            (B)  Security levels

            (C)  Need to Know

            (D)  Access modes

 

Thanks,

Mike


_______________________________________________
cisspstudy mailing list
cisspstudy at cccure.org
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090906/07dac60d/attachment.html>

More information about the cisspstudy mailing list