[fw-wiz] protection models
From: Chris Pugrud (cpugrud_at_yahoo.com)
Date: 12/08/04
- Previous message: Chris Pugrud: "RE: [fw-wiz] Defense in Depth to the Desktop"
- In reply to: Magosányi Árpád: "Re: [fw-wiz] Defense in Depth to the Desktop"
- Next in thread: Rogan Dawes: "Re: [fw-wiz] Defense in Depth to the Desktop"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Magosányi Árpád <mag@bunuel.tii.matav.hu>
Date: Wed, 8 Dec 2004 14:12:21 -0800 (PST)
--- Magosányi Árpád <mag@bunuel.tii.matav.hu> wrote:
> SPM is a new thing to me. I could not find the original paper in
> citeseer, but found one with a definition of SPM (about undecidability of
> safety in SPM with cyclic creates). It seems to be a much more baroque
> model than even my version of Bell-LaPadula. I cannot even understand it
> on first read. Can you show me a security policy model of an actual IT
> system using SPM?
SPM was born out of HRU and has the distinction of having decidable safety
properties. ESPM, TAM, MTAM, SOTAM, and (I believe) RBAC are the evolutionary
children of SPM. I only became familiar with them because I decided to go back
and get an M.S. in information security and assurance, and take a class from Dr.
Sandhu. I will concur that SPM is painful and obtuse. The academic papers for
all of the above can be found at http://list.gmu.edu (with SPM being #32 under
"journal papers").
> Also we seem to forget that VLANs are not considered to be dependable
> enough to be used as a domain separation mechanism. Or did I sleep while
> something revolutionary had happened?
Ahh, but I have a very shiny hammer, and VLANs look like very pretty nails.
Honestly, VLANs are not being used for domain separation. "Private VLANs", a
Cisco term for layer 2 isolation, is being used to prevent client machines, in
the same security domain, from talking to each other. Technically that may
lump them into separate security domains, but I view them as being in the same
domain with one consistent rule: no talking to each other for any reason.
In this case, "private VLAN technology" is being used for security separation,
and, being newer and flashier than the already suspect VLAN, is deeply
distrusted. "Private VLAN technology" was, however, distinctly designed, and
implemented by Cisco, as a security mechanism. Regardless, I cannot find
fault with the security community co-opting whatever useful tools we can
find and using them for our own means, as long as we understand the
limitations.
C is probably the most insecure language out there, but that did not stop
Marcus from utilizing C to write the first proxy servers. [and I'm going to be
struck down by, and owe a few beers to, Marcus, if they weren't written in C].
chris
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
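The layer 2 isolation Chris describes above, shown as a concrete Cisco IOS private VLAN configuration. This is an added illustration, not part of the original message or the list archive: client ports are placed in an isolated secondary VLAN so they can only exchange frames with the promiscuous port, where the gateway or firewall sits. The VLAN numbers (200 primary, 201 isolated), the interface names and the port range are assumptions chosen for the example.

```text
! Private VLANs need VTP in transparent mode on classic IOS switches
vtp mode transparent
!
! Isolated secondary VLAN: hosts in it cannot talk to each other,
! only to the promiscuous port(s) of the associated primary VLAN
vlan 201
 private-vlan isolated
!
! Primary VLAN carries the gateway/firewall side and binds the secondary
vlan 200
 private-vlan primary
 private-vlan association 201
!
! Client (desktop) access ports: isolated hosts in 200/201
interface range GigabitEthernet1/0/1 - 24
 switchport mode private-vlan host
 switchport private-vlan host-association 200 201
 spanning-tree portfast
!
! Uplink to the gateway or firewall: the only port isolated hosts can reach
interface GigabitEthernet1/0/48
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 200 201
```

The limitation Chris asks everyone to keep in mind applies here as well: isolation holds only at layer 2 on this switch. The gateway on the promiscuous port can still hairpin traffic between two isolated hosts at layer 3 (for example, when `ip local-proxy-arp` is enabled on the SVI or the firewall is allowed to route a subnet back to itself), so the rule "no talking to each other for any reason" has to be restated as a firewall policy on the gateway, and the isolated VLAN must be carried consistently across any trunk to a second switch.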