 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Windows Forum / Windows Vista / Security / May 2006Vista and the Bell-Padula Model
Where will Vista fit in with the Bell-Padilla Security Model. Will the security be comparable to that of Unix. pestocat Make that the Bell-LaPadula Model, sorry about misspelling. > Where will Vista fit in with the Bell-Padilla Security Model. Will the > security be comparable to that of Unix. > pestocat Hi, well, Vista and BLP has nothing in common. Discretionary access control is still the heart of Vista, that essentially means "no" to BLP mandatory control stuff... -Valery. http://www.harper.no/valery > Make that the Bell-LaPadula Model, sorry about misspelling. > >> Where will Vista fit in with the Bell-Padilla Security Model. Will the >> security be comparable to that of Unix. >> pestocat You need to recognize that Bell-LaPadula is a model, not an implementation. Also, one aspect of how ownership works in Windows relative to access control is changing with the Vista era. This last makes the central part of "discretionary" no longer unavoidable in Windows. The Bell-LaPadula model could be implemented within the access control semantics of Windows, if the ability of a subject to pass along access grants that fail to meet the mandatory controls could be prevented. As I understand the new features coming in how ownership can be handled, this will now be preventable. > Make that the Bell-LaPadula Model, sorry about misspelling. > >> Where will Vista fit in with the Bell-Padilla Security Model. Will the >> security be comparable to that of Unix. >> pestocat >> Where will Vista fit in with the Bell-Padilla Security Model. Will the >> security be comparable to that of Unix. Last I heard, Role Based Access Control (RBAC) was the order of the day on Microsoft OSes. UNIX variants such as Trusted Solaris, Trusted HP-UX, Trusted IRIX, SELinux (implemented on Red Hat Enterprise Linux) implement Mandatory Access Control (MAC). These machines are role specific (i.e. database servers, mail servers) and usually not for general deployment. AFAIK, Microsoft has no plans for a MAC-enabled Vista client OS. Standard UNIX variants are Discretionary Access Control Based (DAC) I believe. As far as Vista being comparable to UNIX it depends on how well you harden the client. If Microsoft retires the notoriously bad NetBIOS, that will help matters. Edward Ray CISSP, MCSE+Security, PE, SANS GCIA, SANS GCIH The main deterent forcing MS OSs to discretionary access control has been the behavior/rights of owner over objects. Given that, last I have been briefed, one will be able to control how ownership vests upon new object creation, the door is open to attempt a deployment that relies upon the mandatory access control patterns. >>> Where will Vista fit in with the Bell-Padilla Security Model. Will the >>> security be comparable to that of Unix. [quoted text clipped - 15 lines] > Edward Ray > CISSP, MCSE+Security, PE, SANS GCIA, SANS GCIH |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.