Security Level?

Security Level?

Post by Alex Yu » Wed, 30 Nov 1994 18:30:17



Hi guys,
    Just curious if anyone could tell me the definition for security level
such as A, B1, C2 or else? Any feedback would be appreciated.

Thanks for notice.

Regards,
Alex/

 
 
 

Security Level?

Post by Holve » Thu, 01 Dec 1994 01:54:42


Do you guys know we just passed thru a BLACK HOLE in space?

    > Hi guys, Just curious if anyone could tell me the definition for
    > security level such as A, B1, C2 or else? Any feedback would be
    > appreciated.

"Trusted Computer System Evaluation Criteria, DOD standard
5200.28-STD, December, 1985" popularly referred to as the Orange Book.
--
------------------------------------------------------------------------



The fourth law of computing:
  Anything that can go wr
.signature: Segmentation violation -- core dumped

 
 
 

Security Level?

Post by Holve » Thu, 01 Dec 1994 02:01:39


..  Once upon a time, four AMPHIBIOUS HOG CALLERS attacked a family
 of DEFENSELESS, SENSITIVE COIN COLLECTORS and brought DOWN their
 PROPERTY VALUES!!

Sorry, forgot the Orange Book URL:
http://hightop.nrl.navy.mil/docs/orangebook.html

Also, to quote from the Orange Book,

DoD Components may obtain copies of this publication through their own
publications channels.  Other federal agencies and the public may obtain copies
from:  Office of Standards and Products, National Computer Security Center,
Fort Meade, MD  20755-6000, Attention:  Chief, Computer Security Standards.

Good luck!
--
------------------------------------------------------------------------



The fourth law of computing:
  Anything that can go wr
.signature: Segmentation violation -- core dumped

 
 
 

1. Security Levels/Access privilege Levels

Unix systems and the like support the notion of file access privileges
centered around centralized systems. That is owner,group,world.

Here the world really is the set of all members within the scope of
that machine/organizations.

However now with the advent of new paradigms such as network computing
and open systems there is no such boundary. World is really the whole
world. Anybody can read any file with the help of various tools.

So when we deem a file to be readable by world, do we really
mean world? For instance, am I allowed to read those files marked
r-r-r no matter where it is (NSA,CIA.gov,IBM.com,att.com).

May be the levels of security must be extended to
owner,group,organization,domain,country,world.

Agreed, capability based access obviates the need for such richer
classification, atleast in theory.

Security is extremely important for successful implementation and
acceptance of groupware and open system software.

All suggestions and ideas welcome.

Is there any one working on such security levels besides network
login. We have implemented a directory server which can be used to
enforce these levels of security. But seems inefficient done this way.

Thank you

-
Kannan

Concurrent Engineering Research Center

Ideas and opinions are mine. Please include standard disclaimer.h

2. problems with Apache-SSL private-keys & PEM (again)

3. aset (solaris) security levels

4. Sendmail loops?

5. question on Unix security level for difference OS

6. New Kernel

7. what security level is openbsd?

8. Oracle binaries in a VCS environment

9. changing the security level

10. Any hope of getting linux running at Security Level B

11. Security level changes don't stick

12. NIS+ problems with security level 2

13. Change Security Level of NIS+ [HELP]