Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: BIBA Model

From: Richard Thomas <austindad () gmail com>
Date: Mon, 31 Aug 2009 09:58:25 -0500
Munya,

First of all, you need to understand that Biba, Bell-Lapadula,
Clark-Wilson, et al, are theoretical models.  (Wikipedia has some
decent write ups on these models -
http://en.wikipedia.org/wiki/Bell-La_Padula_model)  So, you would not
ask if an OS is based on one of these, since most systems have
elements of both.  You might ask if the security priorities of a
system are primarily focused on integrity or confidentiality.  Also,
in actual implementation, if you look at the previous Orange Book (you
can find the Rainbow series here -
http://www.fas.org/irp/nsa/rainbow.htm) levels, MAC was always layered
on top of DAC.  My recommendation to you, if you work for a federal
department, is to look for products that are Common Criteria
validated.  This is an international standard (ISO 15408) for
evaluating the assurance levels of IT products.  In the Security
Targets (ST) of the validated products, you should find the
information you are looking for.  The web site
commoncriteriaportal.org is a great place to start.  Good luck.

Richard Thomas

On Fri, Aug 28, 2009 at 5:59 AM, M.D.Mufambisi<mufambisi () gmail com> wrote:

Hi all. It might not be the right forum for this xtion, butr im pretty
sure someone can answer me. I failed to get the appropriate forum for
this.

I understand that MAC operating systems are based on the Bell-La
Paddula model. Where exactly is the BIBA model implemented and how do
you tell? If i work for a federal dpt and was considering purchasing a
product, id need to know this right? Where would i get this info of
the security model used?

Regards

Munya

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------




------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: