Talk:Cross-domain solution

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Computer Security / Computing   
WikiProject icon This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
 ???  This article has not yet received a rating on the project's quality scale.
 ???  This article has not yet received a rating on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing.

I would question the bias in this article. While I personally agree with some of the statements, things like this:

"a disturbing shift" "A shift of responsibility for certification and accreditation from agencies without conflict of interest to agencies responsible for both security and cost is not helpful at reducing receptiveness to more subjective flexibility."

"Those familiar with high strength technologies (that are sometimes less costly by the way) are more apt to be skeptical about the subversion resistance of less formal CDS."

seem to be written by someone with a personal bias towards one type type of CDS over another. (talk) 13:50, 23 May 2008 (UTC)

Article lacks relevant citations, appears to be original research[edit]

This article doesn't cite most of its claims, and adopts a pretty strong point of view against cross-domain. In addition, I'd disagree with some of the factual commentary, e.g.:

"CDS is distinct from the more rigorous approaches because it supports transfer that would otherwise be precluded by established models of computer/network/data security (e.g. Bell-La Padula and Clark-Wilson)."

"CDS development, assessment, and deployment are based on risk management."

Cross-domain solutions can implement the Bell-La Padula model, and are sometimes based on formal methods, not on risk management.

I'll add an "original research" tag. The author of the article, User:JA.Davidson is very knowledgeable in the field, but other points of view would be helpful too. This is an important topic in computer security, so I hope the article can be improved. —Preceding unsigned comment added by SyntaxPolice (talkcontribs) 15:52, 22 October 2009 (UTC)

..Re: I'd disagree with some of the factual commentary, e.g.: I would like to understand your point of disagreement. John (talk) 19:31, 15 March 2013 (UTC)

What are the more rigorous approaches?[edit]

I think it is appropriate to have a page on CDS. I thank the original author for his contributions. But I have some questions.

Is there an intention to distinguish between "more rigorous" and "high assurance"? If a CDS is implemented with a "High Assurance Guard", would it be described as rigorous? Perhaps a multilevel secure operating (MLSOS) system is a more rigorous approach. But MLSOS can be the basis for a CDS.

BLP or Biba (Biba probably more relevant than Clark & Wilson) do not preclude CDS. They model what a CDS needs to do for the overall system to be secure. In BLP, a subject at one security level is not permitted to "write down", for example. Consider a CDS about to transfer an Unclassified document from a Secret network to an Unclassified network. It will be required to make some checks to confirm that the document is Unclassified. This may involve human review, signature checking, or other processes. But after those processes complete successfully, the CDS "subject" is now considered to be at the Unclassified level, and hence permitted to write the document to the Unclassified network.

In Clark & Wilson, a C5 transaction can proceed if a UDI (unconstrained, possibly high content) is converted to a CDI constrained data item which is constrained to have only low content. Again, the CDS is performing exactly what the model describes.

John Y (talk) 00:36, 25 September 2015 (UTC)

External links modified[edit]

Hello fellow Wikipedians,

I have just added archive links to one external link on Cross-domain solution. Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:

When you have finished reviewing my changes, please set the checked parameter below to true to let others know.

You may set the |checked=, on this template, to true or failed to let other editors know you reviewed the change. If you find any errors, please use the tools below to fix them or call an editor by setting |needhelp= to your help request.

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

If you are unable to use these tools, you may set |needhelp=<your help request> on this template to request help from an experienced user. Please include details about your problem, to help other editors.

Cheers.—cyberbot IITalk to my owner:Online 13:28, 19 February 2016 (UTC)