OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Clement Dupuis (cdupuis@CCCURE.NET)
Date: Tue Feb 13 2001 - 22:35:20 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Good day Joe,

    Please go to http://www.cccure.org and take a look under the download
    section. There is a document called domain_1.doc which cover the first
    domain or Access Control.

    Within the document you will find your answer.

    Clement

    > -----Original Message-----
    > From: CISSP Study Mailing List [mailto:CISSPSTUDY@SECURITYFOCUS.COM]On
    > Behalf Of Joey Maier
    > Sent: 12 fevrier, 2001 18:49
    > To: CISSPSTUDY@SECURITYFOCUS.COM
    > Subject: Re: Fw: [cisspforum] CISSP Study Materials & Links
    >
    >
    > Can anyone out there explain (or better yet, point me to some pages that
    > explain) the difference between the access matrix model and the
    > Bell-LaPadula model? I was just reading this
    >
    > http://ei.cs.vt.edu/~cs5204/fall99/protection/accessMatrix.html
    >
    > ...and their description of the validation process says:
    > =========================================================================
    > Each object has a monitor to validate every user access to that object
    > in the following manner to check for appropriate access rights:
    >
    > A subject s requests an access a to object o.
    > The protection system presents triplet (s, a, o) to the
    > monitor of o.
    > The monitor looks into the access rights of s to o. if a is in
    > the entry P[s,o], then the access is permitted; else it is denied.
    > =========================================================================
    >
    > That sounds a lot like the subject, object, and reference monitor
    > that I usually associate with Bell-LaPadula. What's the difference
    >
    > --
    > "When you understand UNIX, you will understand the world.
    > When you understand NT....you will understand NT" - Richard Thieme
    > http://www.slothnet.com - is currently unavailable :(
    >
    > +--------------------------------------------+
    > | You have received this email because you |
    > | subscribed to the CISSPSTUDY mailing list. |
    > | -- To unsubscribe, send an email to -- |
    > | listserv@securityfocus.com |
    > | with a message body of: |
    > | UNSUBSCRIBE CISSPSTUDY |
    > +--------------------------------------------+
    >
    >

                 +--------------------------------------------+
                 | You have received this email because you |
                 | subscribed to the CISSPSTUDY mailing list. |
                 | -- To unsubscribe, send an email to -- |
                 | listserv@securityfocus.com |
                 | with a message body of: |
                 | UNSUBSCRIBE CISSPSTUDY |
                 +--------------------------------------------+