Security Basics mailing list archives
Re: BIBA Model
From: Richard Thomas <austindad () gmail com>
Date: Mon, 31 Aug 2009 09:58:25 -0500
Munya, First of all, you need to understand that Biba, Bell-Lapadula, Clark-Wilson, et al, are theoretical models. (Wikipedia has some decent write ups on these models - http://en.wikipedia.org/wiki/Bell-La_Padula_model) So, you would not ask if an OS is based on one of these, since most systems have elements of both. You might ask if the security priorities of a system are primarily focused on integrity or confidentiality. Also, in actual implementation, if you look at the previous Orange Book (you can find the Rainbow series here - http://www.fas.org/irp/nsa/rainbow.htm) levels, MAC was always layered on top of DAC. My recommendation to you, if you work for a federal department, is to look for products that are Common Criteria validated. This is an international standard (ISO 15408) for evaluating the assurance levels of IT products. In the Security Targets (ST) of the validated products, you should find the information you are looking for. The web site commoncriteriaportal.org is a great place to start. Good luck. Richard Thomas On Fri, Aug 28, 2009 at 5:59 AM, M.D.Mufambisi<mufambisi () gmail com> wrote:
Hi all. It might not be the right forum for this xtion, butr im pretty sure someone can answer me. I failed to get the appropriate forum for this. I understand that MAC operating systems are based on the Bell-La Paddula model. Where exactly is the BIBA model implemented and how do you tell? If i work for a federal dpt and was considering purchasing a product, id need to know this right? Where would i get this info of the security model used? Regards Munya ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- BIBA Model M.D.Mufambisi (Aug 31)
- Re: BIBA Model Kim Guldberg (Aug 31)
- Re: BIBA Model Richard Thomas (Aug 31)