Re: Defense in Depth to the Desktop

[Magosányi Árpád <mag () bunuel tii matav hu>]

A levelezőm azt hiszi, hogy Chris Pugrud a következőeket írta:
> > It is interesting to note that what you propose can be viewed as an
> > example of the Bell-LaPadula modell with two security levels.
> This was recently pointed out to me, and I will be framing my academic writeup
> more along those lines.  It would be more helpful if I can frame it in terms of
> Sandhu's SPM because of the decidable safety properties of SPM.  It also
> doesn't hurt that Sandhu is my advisor.  Thinking about the model in those
> terms adds to the vocabulary as well as making the analisys more interesting,
> but it will take me a few more months to really wrap my head around.

SPM is a new thing to me. I could not find the original paper in
citeseer, but found one with definition of SPM (about undecidability of
safety in SPM with cyclic creates). It seems to be a much more baroque
model than even my version of Bell-LaPadula. I cannot even understand it
for first read. Can you show me a security policy modell of an actual IT
system using SPM?

Also we seem to forget that VLANs are not considered to be dependable
enough to be used as a domain separation mechanism. Or did I sleep while
something revolutionary had happened?

-- 
GNU GPL: csak tiszta forrásból
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards