Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
You can see where the priorities lie looking at this section
- Thread starter warmongr
- Start date
- Staff
- #2
B2 is an orangebook TCSEC rating . A rating at the B level indicates support for mandatory access control as well as a relatively high level of security assurance (No discressionary access allowed).<br>
<br>
Unfortunately i'm not sure about your first question. I'm tempted to say no, with the current embedded tools, especially from SGI. I'll see what I can dig up though.
<br>
Unfortunately i'm not sure about your first question. I'm tempted to say no, with the current embedded tools, especially from SGI. I'll see what I can dig up though.
- Staff
- #3
Warmongr....I'll put in my two cents....<br>
<br>
There are basically four divisions of security, from D (the lowest protection) to A (good protection). Within these divisions you will find seven levels though, and each level includes all of the security provisions of the proceeding levels, so that as you can see, levels build upon each other. So in answer to your question, B2 security is simply a level of security a step greater than B1, and A1 is greater than all the other levels. These are simply, as Warcorp points out, orangebook ratings. <br>
<br>
Unfortunately, Warcorp's suspicions are also correct, that the answer is NO to object level security. Your platforms do not follow a physical security model, but rather a discretionary access model. Here the owner of an object controls access to the object for himself, a group, and all others. The owner can do anything with the object, and therefore security is discretionary, and therefore..limited.
<br>
There are basically four divisions of security, from D (the lowest protection) to A (good protection). Within these divisions you will find seven levels though, and each level includes all of the security provisions of the proceeding levels, so that as you can see, levels build upon each other. So in answer to your question, B2 security is simply a level of security a step greater than B1, and A1 is greater than all the other levels. These are simply, as Warcorp points out, orangebook ratings. <br>
<br>
Unfortunately, Warcorp's suspicions are also correct, that the answer is NO to object level security. Your platforms do not follow a physical security model, but rather a discretionary access model. Here the owner of an object controls access to the object for himself, a group, and all others. The owner can do anything with the object, and therefore security is discretionary, and therefore..limited.
- Thread starter
- #5
In system security terms, two stand out alot...subject and object. Subjects are basically either persons OR programs that operate on behalf of other users. Objects though, are not active, but passive things.....such as any files, devices, and really even the system itself. So if you want to read a file on the system using a text editor called, "wordy", for example..hehe..bad one too ;-)..."wordy" is the subject which will read from the file (which is the object). Speaking of wordy...darn if I aint too! ;-) Hope that clarifies terms a bit.
- Thread starter
- #7
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question