Vista and the Bell-Padula Model
#1
Guest

Where will Vista fit in with the Bell-Padilla Security Model? Will the security be comparable to that of Unix?

pestocat

#2
Guest

Make that the Bell-LaPadula Model, sorry about misspelling.

"pestocat" <gel114@theconnection.com> wrote in message news:ebysydIcGHA.2456@TK2MSFTNGP04.phx.gbl...
> Where will Vista fit in with the Bell-Padilla Security Model? Will the
> security be comparable to that of Unix?
> pestocat

#3
Guest

Hi,
well, Vista and BLP have nothing in common. Discretionary access control is still the heart of Vista, that essentially means "no" to BLP mandatory control stuff...

-Valery.
http://www.harper.no/valery

"pestocat" <gel114@theconnection.com> wrote in message news:uG$uTCJcGHA.3952@TK2MSFTNGP04.phx.gbl...
> Make that the Bell-LaPadula Model, sorry about misspelling.
>
> "pestocat" <gel114@theconnection.com> wrote in message
> news:ebysydIcGHA.2456@TK2MSFTNGP04.phx.gbl...
>> Where will Vista fit in with the Bell-Padilla Security Model? Will the
>> security be comparable to that of Unix?
>> pestocat

#4
Guest

You need to recognize that Bell-LaPadula is a model, not an implementation. Also, one aspect of how ownership works in Windows relative to access control is changing with the Vista era. This last makes the central part of "discretionary" no longer unavoidable in Windows. The Bell-LaPadula model could be implemented within the access control semantics of Windows, if the ability of a subject to pass along access grants that fail to meet the mandatory controls could be prevented. As I understand the new features coming in how ownership can be handled, this will now be preventable.

"pestocat" <gel114@theconnection.com> wrote in message news:uG$uTCJcGHA.3952@TK2MSFTNGP04.phx.gbl...
> Make that the Bell-LaPadula Model, sorry about misspelling.
>
> "pestocat" <gel114@theconnection.com> wrote in message
> news:ebysydIcGHA.2456@TK2MSFTNGP04.phx.gbl...
>> Where will Vista fit in with the Bell-Padilla Security Model? Will the
>> security be comparable to that of Unix?
>> pestocat

#5
Guest

>> Where will Vista fit in with the Bell-Padilla Security Model? Will the
>> security be comparable to that of Unix?

Last I heard, Role Based Access Control (RBAC) was the order of the day on Microsoft OSes.

UNIX variants such as Trusted Solaris, Trusted HP-UX, Trusted IRIX, SELinux (implemented on Red Hat Enterprise Linux) implement Mandatory Access Control (MAC). These machines are role specific (i.e. database servers, mail servers) and usually not for general deployment. AFAIK, Microsoft has no plans for a MAC-enabled Vista client OS. Standard UNIX variants are Discretionary Access Control Based (DAC) I believe.

As far as Vista being comparable to UNIX it depends on how well you harden the client. If Microsoft retires the notoriously bad NetBIOS, that will help matters.

Edward Ray
CISSP, MCSE+Security, PE, SANS GCIA, SANS GCIH

#6
Guest

The main deterrent forcing MS OSs to discretionary access control has been the behavior/rights of owner over objects. Given that, last I have been briefed, one will be able to control how ownership vests upon new object creation, the door is open to attempt a deployment that relies upon the mandatory access control patterns.

"Edward Ray" <ewray@newsgroup.nospam> wrote in message news:OEhNVg8dGHA.1208@TK2MSFTNGP02.phx.gbl...
>>> Where will Vista fit in with the Bell-Padilla Security Model? Will the
>>> security be comparable to that of Unix?
>
> Last I heard, Role Based Access Control (RBAC) was the order of the day on
> Microsoft OSes.
>
> UNIX variants such as Trusted Solaris, Trusted HP-UX, Trusted IRIX,
> SELinux (implemented on Red Hat Enterprise Linux) implement Mandatory
> Access Control (MAC). These machines are role specific (i.e. database
> servers, mail servers) and usually not for general deployment. AFAIK,
> Microsoft has no plans for a MAC-enabled Vista client OS. Standard UNIX
> variants are Discretionary Access Control Based (DAC) I believe.
>
> As far as Vista being comparable to UNIX it depends on how well you harden
> the client. If Microsoft retires the notoriously bad NetBIOS, that will
> help matters.
>
> Edward Ray
> CISSP, MCSE+Security, PE, SANS GCIA, SANS GCIH
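
The distinction that posts #3, #4 and #6 turn on, as an added example that is not part of the thread and is not Windows code: a toy reference monitor in which an owner can pass access along at their discretion, with an optional Bell-LaPadula check (no read up, no write down) that the owner's grant cannot override. All names and levels here (`Level`, `Subject`, `Obj`, `grant`, `access`, alice, bob) are hypothetical, and the model is simplified to totally ordered levels without categories.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):            # constructed, totally ordered sensitivity levels
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2

@dataclass
class Subject:
    name: str
    clearance: Level

@dataclass
class Obj:
    name: str
    label: Level
    owner: str
    acl: dict = field(default_factory=dict)   # subject name -> set of "r"/"w"

def mac_allows(s: Subject, o: Obj, mode: str) -> bool:
    """Bell-LaPadula mandatory rules over the levels."""
    if mode == "r":              # simple security property: no read up
        return s.clearance >= o.label
    if mode == "w":              # *-property: no write down
        return s.clearance <= o.label
    return False

def grant(owner: Subject, o: Obj, grantee: Subject, mode: str, enforce_mac: bool) -> bool:
    """Owner passes access along; with enforce_mac, grants breaking the mandatory rules are refused."""
    if owner.name != o.owner:
        return False
    if enforce_mac and not mac_allows(grantee, o, mode):
        return False
    o.acl.setdefault(grantee.name, set()).add(mode)
    return True

def access(s: Subject, o: Obj, mode: str, enforce_mac: bool) -> bool:
    """Reference monitor: DAC always applies; MAC applies on top, even to the owner."""
    dac_ok = s.name == o.owner or mode in o.acl.get(s.name, set())
    return dac_ok and (mac_allows(s, o, mode) if enforce_mac else True)

def demo() -> dict:
    """Owner alice (SECRET) tries to let bob (UNCLASSIFIED) read a SECRET object."""
    alice, bob = Subject("alice", Level.SECRET), Subject("bob", Level.UNCLASSIFIED)
    results = {}
    for enforce in (False, True):
        report = Obj("report", Level.SECRET, owner="alice")
        granted = grant(alice, report, bob, "r", enforce)
        results[enforce] = (granted, access(bob, report, "r", enforce))
    return results
```

With the mandatory check off, the owner's grant alone lets bob read up; with it on, both the grant and the read are refused, and alice herself can no longer write to an UNCLASSIFIED object she owns.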