Vista and the Bell-Padula Model

Discussion in 'Windows Vista Security' started by pestocat, May 5, 2006.

  1. pestocat

    pestocat Guest

    Where will Vista fit in with the Bell-Padilla Security Model? Will the
    security be comparable to that of Unix?
    pestocat
     
    pestocat, May 5, 2006
    #1

  2. pestocat

    pestocat Guest

    Make that the Bell-LaPadula Model, sorry about misspelling.
     
    pestocat, May 5, 2006
    #2

  3. Hi,
    Well, Vista and BLP have nothing in common. Discretionary access control is
    still the heart of Vista, that essentially means "no" to BLP mandatory
    control stuff...

    -Valery.
    http://www.harper.no/valery
     
    Valery Pryamikov, May 6, 2006
    #3
  4. You need to recognize that Bell-LaPadula is a model, not an
    implementation. Also, one aspect of how ownership works
    in Windows relative to access control is changing with the
    Vista era. This last makes the central part of "discretionary"
    no longer unavoidable in Windows. The Bell-LaPadula model
    could be implemented within the access control semantics of
    Windows, if the ability of a subject to pass along access grants
    that fail to meet the mandatory controls could be prevented.
    As I understand the new features coming in how ownership
    can be handled, this will now be preventable.
     
    Roger Abell [MVP], May 7, 2006
    #4
  5. pestocat

    Edward Ray Guest

    Where will Vista fit in with the Bell-Padilla Security Model. Will the
    Last I heard, Role Based Access Control (RBAC) was the order of the day on
    Microsoft OSes.

    UNIX variants such as Trusted Solaris, Trusted HP-UX, Trusted IRIX, SELinux
    (implemented on Red Hat Enterprise Linux) implement Mandatory Access Control
    (MAC). These machines are role specific (i.e. database servers, mail
    servers) and usually not for general deployment. AFAIK, Microsoft has no
    plans for a MAC-enabled Vista client OS. Standard UNIX variants are
    Discretionary Access Control Based (DAC) I believe.

    As far as Vista being comparable to UNIX it depends on how well you harden
    the client. If Microsoft retires the notoriously bad NetBIOS, that will
    help matters.

    Edward Ray
    CISSP, MCSE+Security, PE, SANS GCIA, SANS GCIH
     
    Edward Ray, May 15, 2006
    #5
  6. The main deterrent forcing MS OSs to discretionary access control
    has been the behavior/rights of owner over objects. Given that, last
    I have been briefed, one will be able to control how ownership vests
    upon new object creation, the door is open to attempt a deployment
    that relies upon the mandatory access control patterns.
     
    Roger Abell [MVP], May 21, 2006
    #6
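
Added example, not part of the thread and not Windows code: a toy reference monitor in Python illustrating the point made in posts #4 and #6, that owner-managed ACLs can carry Bell-LaPadula once the owner's grants are checked against mandatory labels. The level names, the subjects and the `Monitor` class are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed three-level lattice; names are assumptions, not Windows labels.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}

@dataclass
class Obj:
    name: str
    level: str                      # mandatory label, fixed at creation
    owner: str
    acl: dict = field(default_factory=dict)   # subject -> set of rights

def blp_permits(clearance, obj_level, right):
    """Simple security property (no read up) and *-property (no write down)."""
    s, o = LEVELS[clearance], LEVELS[obj_level]
    return s >= o if right == "read" else s <= o

class Monitor:
    def __init__(self, clearances, mandatory):
        self.clearances = clearances  # subject -> level
        self.mandatory = mandatory    # False models pure DAC

    def create(self, creator, name):
        # The object takes the creator's level; ownership vests in the creator.
        obj = Obj(name, self.clearances[creator], creator)
        obj.acl[creator] = {"read", "write"}
        return obj

    def grant(self, grantor, obj, grantee, right):
        if grantor != obj.owner:
            return False              # only the owner has discretion
        if self.mandatory and not blp_permits(self.clearances[grantee], obj.level, right):
            return False              # a grant that violates the labels is refused
        obj.acl.setdefault(grantee, set()).add(right)
        return True

    def access(self, subject, obj, right):
        ok = right in obj.acl.get(subject, set())
        if self.mandatory:
            ok = ok and blp_permits(self.clearances[subject], obj.level, right)
        return ok

def demo(mandatory, right="read"):
    """alice (secret) creates a report and tries to grant bob (unclassified) a right."""
    m = Monitor({"alice": "secret", "bob": "unclassified"}, mandatory)
    report = m.create("alice", "report")
    return m.grant("alice", report, "bob", right), m.access("bob", report, right)

if __name__ == "__main__":
    print("DAC only:   ", demo(False))
    print("with labels:", demo(True), demo(True, "write"))
```

With `mandatory=False` the owner's read grant reaches the lower-cleared subject; with `mandatory=True` the same grant is refused, while a write to the higher-labelled object is still allowed, as the *-property permits.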