[Cisspstudy] Bell-LaPadula Question?

Clement Dupuis clement.dupuis at cccure.com
Sun Sep 6 08:54:27 EDT 2009


Yes, the need to know is being addressed within the Bell-LaPadula model.  It
is based on the Orange Book.

The fact that you have a Top Secret security clearance as a user does not
mean that you can access any Top Secret document; it simply means that you
can access any document for which you have a need to know.

Do take care

Clement

P.S.  The object classification is specified within the label attached to
the object; the label also contains categories, which are used to enforce the
need to know.


Clément Dupuis, CD
CISSP, GCFW, GCIA, Security+, CEH, ECSA, LPT, CCSA, CCSE, MBNS, MBIS, MBHS,
 ACE
----------------------------------------------------------------------------------------------
In real life:
Senior Security Specialist and Instructor
Security University
>>  Call me to get the best CISSP training  <<
----------------------------------------------------------------------------------------------
In Cyberspace:
President/Security Evangelist/Chief Learning Officer (CLO)
The CCCure Family of Portals
----------------------------------------------------------------------------------------------
Business:  407 479 3903
Fax:          407 264 8396

Maintainer of :
The CISSP and SSCP Open Study Guides Web Site
http://www.cccure.org

The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org

Knowledge sharing and giving back to the community


On Sun, Sep 6, 2009 at 00:36, J.E.G.A.N <jaga4india at gmail.com> wrote:

>  Hi Clement,
>
>
>
>     I got this from Shon Harris 4th Edition
>
>
>
>  “The Bell-LaPadula model focuses on ensuring that subjects are properly
> authenticated - by having the necessary security clearance, need to know, and
> formal access approval - before accessing an object”
>
> This means need to know is one of the important factors for this model.
> Could you please clarify this?
>
>
>
> Thanks
>
> Jegan
>
>
>  ------------------------------
>
> *From:* cisspstudy-bounces at cccure.org [mailto:
> cisspstudy-bounces at cccure.org] *On Behalf Of *Clement Dupuis
> *Sent:* Friday, September 04, 2009 9:27 PM
> *To:* The CISSP Study Mailing list
> *Subject:* Re: [Cisspstudy] Bell-LaPadula Question?
>
>
>
> The need to know is addressed by the use of labels.
>
> Bell-LaPadula was built to secure multilevel secure databases.  They were
> under Mandatory Access Control.
>
> The labels contain a security clearance (sensitivity) and also
> categories.   The categories enforce the need to know.
>
> So it is definitively wrong
>
> Take care
>
> Clement
>
>
>  On Fri, Sep 4, 2009 at 09:32, Dallas, Michael J Civ USAF USAFE 100 CS/SCQ
> <mike.dallas at mildenhall.af.mil> wrote:
>
> I received this question in a practice exam provided by a recent ISC2 CBK
> review seminar.  I was told the correct answer is C, however I don’t agree
> with it as need-to-know would be an important factor with this model.  What
> do you all think? My guess on this was D.
>
> 24.  What is one issue NOT addressed by the Bell-LaPadula model?
>
>             (A)  Information flow control
>
>             (B)  Security levels
>
>             (C)  Need to Know
>
>             (D)  Access modes
>
>
>
> Thanks,
>
> Mike
>
>
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
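
Added example (not part of the original thread): a minimal Python sketch of the label check the replies describe, where a label carries a sensitivity level plus categories and the categories enforce need to know. The level names, category names and sample labels are constructed for illustration; the write rule shown is the standard Bell-LaPadula *-property.

```python
from dataclasses import dataclass

# Hierarchical sensitivity levels, lowest to highest (constructed for this example).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Lattice ordering: level at least as high AND categories a superset.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

def can_read(subject: Label, obj: Label) -> bool:
    # Simple security property ("no read up"): subject label dominates object label.
    return subject.dominates(obj)

def can_write(subject: Label, obj: Label) -> bool:
    # *-property ("no write down"): object label dominates subject label.
    return obj.dominates(subject)

def read_decision(subject: Label, obj: Label) -> str:
    # Same check as can_read, but reports which half of the label failed.
    if LEVELS[subject.level] < LEVELS[obj.level]:
        return "deny: clearance below classification"
    missing = obj.categories - subject.categories
    if missing:
        return "deny: no need to know for " + ", ".join(sorted(missing))
    return "grant"

# Constructed sample labels (hypothetical category names).
ANALYST = Label("TOP SECRET", frozenset({"CRYPTO"}))
DOC_TS_NUCLEAR = Label("TOP SECRET", frozenset({"NUCLEAR"}))
DOC_S_CRYPTO = Label("SECRET", frozenset({"CRYPTO"}))
DOC_TS_BOTH = Label("TOP SECRET", frozenset({"CRYPTO", "NUCLEAR"}))

if __name__ == "__main__":
    for name, doc in [("TS/NUCLEAR", DOC_TS_NUCLEAR), ("S/CRYPTO", DOC_S_CRYPTO),
                      ("TS/CRYPTO+NUCLEAR", DOC_TS_BOTH)]:
        print(f"{name:18} read={read_decision(ANALYST, doc)!s:40} "
              f"write={can_write(ANALYST, doc)}")
```
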