Security Basics mailing list archives
RE: Help needed with Mandatory Access Control Security Labels
From: "Lee Hilt" <lhilt () mbc edu>
Date: Fri, 1 Feb 2008 10:41:48 -0500
I'm not certain about this, so take what I say here with a grain of salt; I'm only going by my experience within the Air Force (11 years of service).

I would think, knowing that the classification of the resource MUST be the classification of the most sensitive classified document stored in a given resource (i.e. 3x Unclass Documents, 2x Secret Documents, 1x Top Secret Document = a Top Secret resource), then if you stored the unclass SCIENCE resource as a child resource of the (SECRET;(TECHNOLOGY;SCIENCE)) resource, then no, you shouldn't have read access unless you are properly cleared for the highest level of classification of that resource (TOP SECRET).

Now, that shouldn't prevent a cleared user of that resource (who has the responsibilities of disseminating this information) from recognizing your need to access it and possibly allowing you to read it in another fashion, but giving Read access to a resource and its contents MUST be considered by the individual's: 1) Security Clearance 2) Need to Know.

That being said, if a person cleared for Top Secret could not demonstrate a clear NEED to KNOW for a particular (SECRET) resource, or (For Official Use Only) for that matter, they should be denied access. Just because a clearance is held does not mean they have a need to access all resources they are cleared for.

Lee Hilt

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Kelly Robinson
Sent: 2008-01-31 7:25
To: security-basics () securityfocus com
Subject: Help needed with Mandatory Access Control Security Labels

Hi,

I am studying for my CISSP at the moment and I have a question regarding Mandatory Access Controls and security labels. I understand the whole security labels thingy, i.e. Top Secret > Secret > Classified > Unclassified, and I understand some of the different models and their write-up, read-up, write-down etc. rules. I just don't get the {Resource} part.

Say I have the following (SECRET;{TECHNOLOGY}) and I want read access to an UNCLASSIFIED document in the SCIENCE resource. I am assuming that since I don't have (SECRET;{TECHNOLOGY;SCIENCE}) that I would NOT have read access? Is that right?

Thanks
K.
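The read check discussed in this thread, as an added example that is not part of either post: it assumes the standard lattice rule (a subject may read an object only when its level is at least the object's and its category set contains every category on the object) and models the container rule from the reply as a high-water mark. The names `Label`, `label`, `can_read` and `container_label` are hypothetical, and the sample labels are constructed from the ones quoted in the messages.

```python
from dataclasses import dataclass

# Levels named in both messages, lowest to highest.
LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1, "TOP SECRET": 2}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset

    def dominates(self, other):
        """True when this level >= other's and every category of other is held."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def label(level, *categories):
    """Build a label such as (SECRET;{TECHNOLOGY})."""
    return Label(level, frozenset(categories))


def can_read(subject, obj):
    # No read up: the subject's label must dominate the object's label.
    return subject.dominates(obj)


def container_label(labels):
    """High-water mark of a container: highest level, union of all categories."""
    labels = list(labels)
    top = max(labels, key=lambda l: LEVELS[l.level]).level
    cats = frozenset().union(*(l.categories for l in labels))
    return Label(top, cats)


if __name__ == "__main__":
    # Constructed sample labels based on the ones quoted in the thread.
    asker = label("SECRET", "TECHNOLOGY")
    science_doc = label("UNCLASSIFIED", "SCIENCE")
    print(can_read(asker, science_doc))                       # category missing
    print(can_read(label("SECRET", "TECHNOLOGY", "SCIENCE"), science_doc))
    # A higher clearance without the category still fails (need to know).
    print(can_read(label("TOP SECRET"), label("SECRET", "SCIENCE")))
    # 3x Unclass, 2x Secret, 1x Top Secret documents in one resource.
    docs = [label("UNCLASSIFIED")] * 3 + [label("SECRET")] * 2 + [label("TOP SECRET")]
    print(container_label(docs).level)
```

In this model the categories carry the need-to-know decision, which is why a TOP SECRET label with no categories is still refused a SECRET object tagged SCIENCE.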