Firewall Wizards mailing list archives

protection models

From: Chris Pugrud <cpugrud () yahoo com>
Date: Wed, 8 Dec 2004 14:12:21 -0800 (PST)


--- Magosányi Árpád <mag () bunuel tii matav hu> wrote:

SPM is a new thing to me. I could not find the original paper in
citeseer, but found one with definition of SPM (about undecidability of
safety in SPM with cyclic creates). It seems to be a much more baroque
model than even my version of Bell-LaPadula. I cannot even understand it
for first read. Can you show me a security policy modell of an actual IT
system using SPM?


SPM was born out of HRU and has the distinction of having decidable safety
properties.  ESPM, TAM, MTAM, SOTAM, and (I believe) RBAC are the evolutionary
children of SPM.  I only became familiar with them because I decided to go back
and get a M.S. in information security and assurance, and take a class from Dr.
Sandhu.  I will concur that SPM is painful and obtuse.  The academic papers for
all of the above can be found at http://list.gmu.edu (with SPM being #32 under
"journal papers").

Also we seem to forget that VLANs are not considered to be dependable
enough to be used as a domain separation mechanism. Or did I sleep while
something revolutionary had happened?


Ahh, but I have a very shiny hammer, and VLANs look like very pretty nails. 
Honestly, VLAN's are not being used for domain seperation.  "Private VLANS", a
Cisco term for layer 2 isolation, is being used to prevent client machines, in
the same security domain, from talking to each other.  Technically that may
lump them into seperate security domains, but I view them as being in the same
domain with one consistent rule, no talking to each other for any reason.

In this case, "private vlan technology" is being used for security seperation,
and being newer and flashier than the already suspect vlan, are deeply
distrusted.  "Private VLAN technology" was, however, distinctly designed, and
implemented by Cisco, as a security mechanism.  Regardless, I can not find
fault with the security community co-opting whatever useful tools that we can
find and using them for our own means, as long as we understand the
limitations.

C is probably the most insecure language out there, but that did not stop
Marcus from utilizing C to write the first proxy servers.  [and I'm going to be
struck down by, and owe a few beers to, Marcus, if they weren't written in C].

chris
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Defense in Depth to the Desktop Chris Pugrud (Dec 05)
- Re: Defense in Depth to the Desktop Magosányi Árpád (Dec 07)
  - Re: Defense in Depth to the Desktop Chris Pugrud (Dec 07)
    - Re: Defense in Depth to the Desktop Magosányi Árpád (Dec 11)
    - protection models Chris Pugrud (Dec 11)
- Re: Defense in Depth to the Desktop Rogan Dawes (Dec 07)
  - Re: Defense in Depth to the Desktop Chris Pugrud (Dec 07)
- RE: Defense in Depth to the Desktop Ben Nagy (Dec 07)
  - RE: Defense in Depth to the Desktop Chris Pugrud (Dec 07)
    - RE: Defense in Depth to the Desktop Scott Stursa (Dec 11)
    - RE: Defense in Depth to the Desktop Chris Pugrud (Dec 11)
- Re: Defense in Depth to the Desktop Kevin Sheldrake (Dec 11)
- Re: Defense in Depth to the Desktop Paul D. Robertson (Dec 12)
  - Re: Defense in Depth to the Desktop Chris Pugrud (Dec 13)
    - Re: Defense in Depth to the Desktop Paul D. Robertson (Dec 13)

(Thread continues...)