P
pestocat
Where will Vista fit in with the Bell-Padilla Security Model. Will the
security be comparable to that of Unix.
pestocat
security be comparable to that of Unix.
pestocat
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
P
pestocat
Make that the Bell-LaPadula Model, sorry about misspelling.
V
Valery Pryamikov
Hi,
well, Vista and BLP has nothing in common. Discretionary access control is
still the heart of Vista, that essentially means "no" to BLP mandatory
control stuff...
-Valery.
http://www.harper.no/valery
well, Vista and BLP has nothing in common. Discretionary access control is
still the heart of Vista, that essentially means "no" to BLP mandatory
control stuff...
-Valery.
http://www.harper.no/valery
R
Roger Abell [MVP]
You need to recognize that Bell-LaPadula is a model, not an
implementation. Also, one aspect of how ownership works
in Windows relative to access control is changing with the
Vista era. This last makes the central part of "discretionary"
no longer unavoidable in Windows. The Bell-LaPadula model
could be implemented within the access control semantics of
Windows, if the ability of a subject to pass along access grants
that fail to meet the mandatory controls could be prevented.
As I understand the new features coming in how ownership
can be handled, this will now be preventable.
implementation. Also, one aspect of how ownership works
in Windows relative to access control is changing with the
Vista era. This last makes the central part of "discretionary"
no longer unavoidable in Windows. The Bell-LaPadula model
could be implemented within the access control semantics of
Windows, if the ability of a subject to pass along access grants
that fail to meet the mandatory controls could be prevented.
As I understand the new features coming in how ownership
can be handled, this will now be preventable.
E
Edward Ray
Where will Vista fit in with the Bell-Padilla Security Model. Will the
Last I heard, Role Based Access Control (RBAC) was the order of the day on
Microsoft OSes.
UNIX variants such as Trusted Solaris, Trusted HP-UX, Trusted IRIX, SELinux
(implemented on Red Hat Enterprise Linux) implement Mandatory Access Control
(MAC). These machines are role specific (i.e. database servers, mail
servers) and usually not for general deployment. AFAIK, Microsoft has no
plans for a MAC-enabled Vista client OS. Standard UNIX variants are
Discretionary Access Control Based (DAC) I believe.
As far as Vista being comparable to UNIX it depends on how well you harden
the client. If Microsoft retires the notoriously bad NetBIOS, that will
help matters.
Edward Ray
CISSP, MCSE+Security, PE, SANS GCIA, SANS GCIH
Last I heard, Role Based Access Control (RBAC) was the order of the day on
Microsoft OSes.
UNIX variants such as Trusted Solaris, Trusted HP-UX, Trusted IRIX, SELinux
(implemented on Red Hat Enterprise Linux) implement Mandatory Access Control
(MAC). These machines are role specific (i.e. database servers, mail
servers) and usually not for general deployment. AFAIK, Microsoft has no
plans for a MAC-enabled Vista client OS. Standard UNIX variants are
Discretionary Access Control Based (DAC) I believe.
As far as Vista being comparable to UNIX it depends on how well you harden
the client. If Microsoft retires the notoriously bad NetBIOS, that will
help matters.
Edward Ray
CISSP, MCSE+Security, PE, SANS GCIA, SANS GCIH
R
Roger Abell [MVP]
The main deterent forcing MS OSs to discretionary access control
has been the behavior/rights of owner over objects. Given that, last
I have been briefed, one will be able to control how ownership vests
upon new object creation, the door is open to attempt a deployment
that relies upon the mandatory access control patterns.
has been the behavior/rights of owner over objects. Given that, last
I have been briefed, one will be able to control how ownership vests
upon new object creation, the door is open to attempt a deployment
that relies upon the mandatory access control patterns.