Jump to content

Talk:Cross-domain solution

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

I would question the bias in this article. While I personally agree with some of the statements, things like this:

"a disturbing shift" "A shift of responsibility for certification and accreditation from agencies without conflict of interest to agencies responsible for both security and cost is not helpful at reducing receptiveness to more subjective flexibility."

"Those familiar with high strength technologies (that are sometimes less costly by the way) are more apt to be skeptical about the subversion resistance of less formal CDS."

seem to be written by someone with a personal bias towards one type type of CDS over another.

147.160.136.10 (talk) 13:50, 23 May 2008 (UTC)[reply]

Article lacks relevant citations, appears to be original research

[edit]

This article doesn't cite most of its claims, and adopts a pretty strong point of view against cross-domain. In addition, I'd disagree with some of the factual commentary, e.g.:

"CDS is distinct from the more rigorous approaches because it supports transfer that would otherwise be precluded by established models of computer/network/data security (e.g. Bell-La Padula and Clark-Wilson)."

"CDS development, assessment, and deployment are based on risk management."

Cross-domain solutions can implement the Bell-La Padula model, and are sometimes based on formal methods, not on risk management.

I'll add an "original research" tag. The author of the article, User:JA.Davidson is very knowledgeable in the field, but other points of view would be helpful too. This is an important topic in computer security, so I hope the article can be improved. —Preceding unsigned comment added by SyntaxPolice (talkcontribs) 15:52, 22 October 2009 (UTC)[reply]

..Re: I'd disagree with some of the factual commentary, e.g.: I would like to understand your point of disagreement. John (talk) 19:31, 15 March 2013 (UTC)[reply]

What are the more rigorous approaches?

[edit]

I think it is appropriate to have a page on CDS. I thank the original author for his contributions. But I have some questions.

Is there an intention to distinguish between "more rigorous" and "high assurance"? If a CDS is implemented with a "High Assurance Guard", would it be described as rigorous? Perhaps a multilevel secure operating (MLSOS) system is a more rigorous approach. But MLSOS can be the basis for a CDS.

BLP or Biba (Biba probably more relevant than Clark & Wilson) do not preclude CDS. They model what a CDS needs to do for the overall system to be secure. In BLP, a subject at one security level is not permitted to "write down", for example. Consider a CDS about to transfer an Unclassified document from a Secret network to an Unclassified network. It will be required to make some checks to confirm that the document is Unclassified. This may involve human review, signature checking, or other processes. But after those processes complete successfully, the CDS "subject" is now considered to be at the Unclassified level, and hence permitted to write the document to the Unclassified network.

In Clark & Wilson, a C5 transaction can proceed if a UDI (unconstrained, possibly high content) is converted to a CDI constrained data item which is constrained to have only low content. Again, the CDS is performing exactly what the model describes.

John Y (talk) 00:36, 25 September 2015 (UTC)[reply]

[edit]

Hello fellow Wikipedians,

I have just added archive links to one external link on Cross-domain solution. Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:

When you have finished reviewing my changes, please set the checked parameter below to true to let others know.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—cyberbot IITalk to my owner:Online 13:28, 19 February 2016 (UTC)[reply]

[edit]

Hello fellow Wikipedians,

I have just modified one external link on Cross-domain solution. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 20:38, 14 August 2017 (UTC)[reply]