[Cisspstudy] Bell-Lapadula?

Vardhan, Aditya {PI} aditya.vardhan at intl.pepsico.com
Mon Sep 7 03:23:39 EDT 2009 

Hi Clement,

What is the best answer....

 

From: cisspstudy-bounces at cccure.org [mailto:cisspstudy-bounces at cccure.org] On Behalf Of Clement Dupuis
Sent: Saturday, September 05, 2009 12:06 AM
To: The CISSP Study Mailing list
Subject: Re: [Cisspstudy] Bell-Lapadula?

 

Bell Lapadula does address flow control.

It will not allow the information to flow in a way that would compromise Confidentiality such as allowed a Secret document to be written into a confidential container for example.  BLP has to be combined with the flow model and the state model to achieve something useful in real life

Take care

Clement

Clément Dupuis, CD
CISSP, GCFW, GCIA, Security+, CEH, ECSA, LPT, CCSA, CCSE, MBNS, MBIS, MBHS,  ACE
----------------------------------------------------------------------------------------------
In real life:
Senior Security Specialist and Instructor
Security University
>>  Call me to get the best CISSP training  <<
----------------------------------------------------------------------------------------------
In Cyberspace:
President/Security Evangelist/Chief Learning Officer (CLO)
The CCCure Family of Portals
----------------------------------------------------------------------------------------------
Business:  407 479 3903
Fax:          407 264 8396 

Maintainer of :
The CISSP and SSCP Open Study Guides Web Site
http://www.cccure.org    

The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org   

Knowledge sharing and giving back to the community



On Fri, Sep 4, 2009 at 14:27, <An.Dang at do.treas.gov> wrote:

A) is very tempting as well ... or you can argue out of it because the word "control" ... involves with label.

My review seminar instructor also gave the answer to a question for "certification" as "a set of technical ... by technical staff" while the CBK CD gave a different answer as well.


----- Original Message -----
From: cisspstudy-bounces at cccure.org <cisspstudy-bounces at cccure.org>
To: cisspstudy at cccure.org <cisspstudy at cccure.org>
Sent: Fri Sep 04 12:00:01 2009
Subject: cisspstudy Digest, Vol 15, Issue 7

Send cisspstudy mailing list submissions to
       cisspstudy at cccure.org

To subscribe or unsubscribe via the World Wide Web, visit
       http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
or, via email, send a message with subject or body 'help' to
       cisspstudy-request at cccure.org

You can reach the person managing the list at
       cisspstudy-owner at cccure.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of cisspstudy digest..."


Today's Topics:

  1. Bell-LaPadula Question?
     (Dallas, Michael J Civ USAF USAFE 100 CS/SCQ)
  2. Re: Bell-LaPadula Question? (Clement Dupuis)


----------------------------------------------------------------------

Message: 1
Date: Fri, 4 Sep 2009 14:32:07 +0100
From: "Dallas, Michael J Civ USAF USAFE 100 CS/SCQ"
       <mike.dallas at mildenhall.af.mil>
To: "'cisspstudy at cccure.org'" <cisspstudy at cccure.org>
Subject: [Cisspstudy] Bell-LaPadula Question?
Message-ID:
       <200909041321.n84DLgKl036775 at mset-fwl-002.lakenheath.af.mil>
Content-Type: text/plain; charset="us-ascii"

I received this question in a practice exam provided by a recent ISC2 CBK review seminar.  I was told the correct answer is C, however I don't agree with it as need-to-know would be an important factor with this model.  What do you all think? My guess on this was D.
24.  What is one issue NOT addressed by the Bell-LaPadula model?
           (A)  Information flow control
           (B)  Security levels
           (C)  Need to Know
           (D)  Access modes

Thanks,
Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090904/0af558f6/attachment-0001.html>

------------------------------

Message: 2
Date: Fri, 4 Sep 2009 11:56:52 -0400
From: Clement Dupuis <clement.dupuis at cccure.com>
To: The CISSP Study Mailing list <cisspstudy at cccure.org>
Subject: Re: [Cisspstudy] Bell-LaPadula Question?
Message-ID:
       <959788640909040856y707aa912qad05febc04e63f50 at mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"

The need to know is address by the use of labels.

Bell Lapadula was built to secure multilevel secure database.  They were
under Mandatory Access control.

The labels contain a security clearance (sensitivity) and also categories.
The categories enforces the need to know.

So it is definitively wrong

Take care

Clement

Cl?ment Dupuis, CD
CISSP, GCFW, GCIA, Security+, CEH, ECSA, LPT, CCSA, CCSE, MBNS, MBIS, MBHS,
 ACE
----------------------------------------------------------------------------------------------
In real life:
Senior Security Specialist and Instructor
Security University
>>  Call me to get the best CISSP training  <<
----------------------------------------------------------------------------------------------
In Cyberspace:
President/Security Evangelist/Chief Learning Officer (CLO)
The CCCure Family of Portals
----------------------------------------------------------------------------------------------
Business:  407 479 3903
Fax:          407 264 8396

Maintainer of :
The CISSP and SSCP Open Study Guides Web Site
http://www.cccure.org

The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org

Knowledge sharing and giving back to the community


On Fri, Sep 4, 2009 at 09:32, Dallas, Michael J Civ USAF USAFE 100 CS/SCQ <
mike.dallas at mildenhall.af.mil> wrote:

>  I received this question in a practice exam provided by a recent ISC2 CBK
> review seminar.  I was told the correct answer is C, however I don?t agree
> with it as need-to-know would be an important factor with this model.  What
> do you all think? My guess on this was D.
>
> 24.  What is one issue NOT addressed by the Bell-LaPadula model?
>
>             (A)  Information flow control
>
>             (B)  Security levels
>
>             (C)  Need to Know
>
>             (D)  Access modes
>
>
>
> Thanks,
>
> Mike
>
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090904/99e6f2f7/attachment-0001.html>

------------------------------

_______________________________________________
cisspstudy mailing list
cisspstudy at cccure.org
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org


End of cisspstudy Digest, Vol 15, Issue 7
*****************************************
_______________________________________________
cisspstudy mailing list
cisspstudy at cccure.org
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090907/af27736f/attachment.html>

More information about the cisspstudy mailing list