Hi guys,
Just curious if anyone could tell me the definition for security level
such as A, B1, C2 or else? Any feedback would be appreciated.
Thanks for notice.
Regards,
Alex/
by Alex Yu » Wed, 30 Nov 1994 18:30:17
Thanks for notice.
Regards,
Alex/
by Holve » Thu, 01 Dec 1994 01:54:42
> Hi guys, Just curious if anyone could tell me the definition for
> security level such as A, B1, C2 or else? Any feedback would be
> appreciated.
"Trusted Computer System Evaluation Criteria, DOD standard
5200.28-STD, December, 1985" popularly referred to as the Orange Book.
--
------------------------------------------------------------------------
The fourth law of computing:
Anything that can go wr
.signature: Segmentation violation -- core dumped
by Holve » Thu, 01 Dec 1994 02:01:39
Sorry, forgot the Orange Book URL:
http://hightop.nrl.navy.mil/docs/orangebook.html
Also, to quote from the Orange Book,
DoD Components may obtain copies of this publication through their own
publications channels. Other federal agencies and the public may obtain copies
from: Office of Standards and Products, National Computer Security Center,
Fort Meade, MD 20755-6000, Attention: Chief, Computer Security Standards.
Good luck!
--
------------------------------------------------------------------------
The fourth law of computing:
Anything that can go wr
.signature: Segmentation violation -- core dumped
1. Security Levels/Access privilege Levels
Unix systems and the like support the notion of file access privileges
centered around centralized systems. That is owner,group,world.
Here the world really is the set of all members within the scope of
that machine/organizations.
However now with the advent of new paradigms such as network computing
and open systems there is no such boundary. World is really the whole
world. Anybody can read any file with the help of various tools.
So when we deem a file to be readable by world, do we really
mean world? For instance, am I allowed to read those files marked
r-r-r no matter where it is (NSA,CIA.gov,IBM.com,att.com).
May be the levels of security must be extended to
owner,group,organization,domain,country,world.
Agreed, capability based access obviates the need for such richer
classification, atleast in theory.
Security is extremely important for successful implementation and
acceptance of groupware and open system software.
All suggestions and ideas welcome.
Is there any one working on such security levels besides network
login. We have implemented a directory server which can be used to
enforce these levels of security. But seems inefficient done this way.
Thank you
-
Kannan
Concurrent Engineering Research Center
Ideas and opinions are mine. Please include standard disclaimer.h
2. problems with Apache-SSL private-keys & PEM (again)
3. aset (solaris) security levels
5. question on Unix security level for difference OS
6. New Kernel
7. what security level is openbsd?
8. Oracle binaries in a VCS environment
9. changing the security level
10. Any hope of getting linux running at Security Level B
11. Security level changes don't stick
12. NIS+ problems with security level 2
13. Change Security Level of NIS+ [HELP]