|
Purple Penelope
Purple Penelope was a demonstration secure system created by the Defence Research Agency (DRA) in the UK. Its aim was to show that the security functionality of Windows NT could be extended to support users handling classified information. Security Model Purple Penelope implemented the Domain Based Security model which was developed for the UK Ministry of Defence by DRA to take advantage of using Commercial Off The Shelf (COTS) software to implement secure systems. Within a security domain access controls are designed to stop users from accessing material without a need-to-know and to prevent them making mistakes when handling classified data, while controls over sharing information between security domains are more stringent and defend against attacks and hold the users to account for their actions. The model calls for discretionary security labelling and role based access controls within a domain and user-sanctioned release of information from the domain coupled with a ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Defence Research Agency
The Defence Research Agency (DRA) was an executive agency of the UK Ministry of Defence (MOD) from April 1991 until April 1995. At the time, the DRA was Britain's largest science and technology organisation. In April 1995, the DRA was combined with five other MOD establishments to form the Defence Evaluation and Research Agency. History The DRA was formed on 1 April 1991 as an amalgamation of the following Defence Research Establishments: *Admiralty Research Establishment (ARE) – major sites Portsdown, Hampshire and Southwell, Dorset ("Maritime Division") *Royal Aircraft Establishment (RAE) – major site Farnborough, Hampshire ("Aerospace Division") *Aeroplane and Armament Experimental Establishment (A&AEE) – major site Boscombe Down *Royal Armament Research and Development Establishment (RARDE) – major site Fort Halstead, Kent ("Military Division") *Royal Signals and Radar Establishment (RSRE) – major site Malvern, Worcestershire ("Electronics Division") DRA's headqu ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Windows Nt
Windows NT is a proprietary graphical operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also in ... produced by Microsoft, the first version of which was released on July 27, 1993. It is a processor-independent, multiprocessing and multi-user operating system. The first version of Windows NT was Windows NT 3.1 and was produced for workstations and server computers. It was a commercially focused operating system intended to complement consumer versions of Microsoft Windows, Windows that were based on MS-DOS (including Windows 1.0 through Windows 3.1x). Gradually, the Windows NT family was expanded into Microsoft's general-purpose operating system product line for all personal computers, deprecating the Windows 9x family. "NT" was formerly expanded to "New Technology" but no ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Classified Information
Classified information is material that a government body deems to be sensitive information that must be protected. Access is restricted by law or regulation to particular groups of people with the necessary security clearance and need to know, and mishandling of the material can incur criminal penalties. A formal security clearance is required to view or handle classified material. The clearance process requires a satisfactory background investigation. Documents and other information must be properly marked "by the author" with one of several (hierarchical) levels of sensitivity—e.g. restricted, confidential, secret, and top secret. The choice of level is based on an impact assessment; governments have their own criteria, including how to determine the classification of an information asset and rules on how to protect information classified at each level. This process often includes security clearances for personnel handling the information. Some corporations and non-governm ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Domain Based Security
"Domain Based Security", abbreviated to "DBSy", is a model-based approach to help analyze information security risks in a business context and provide a clear and direct mapping between the risks and the security controls needed to manage them. A variant of the approach is used by the UK government's HMG Infosec Standard No.1 technical risk-assessment method. DBSy is a registered trade mark of QinetiQ Ltd. DBSy was developed in the late 1990s by the Defence Evaluation and Research Agency (DERA). It is a model-based approach to information assurance that describes the requirements for security in an organisation, taking account of the business that needs to be supported. The model is based around the concept of a security domain, which represents a logical place where people work with information using a computer system, and which has connections with other security domains where this is necessary to support business activity. Hence the focus is on the information that needs pro ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Commercial Off-the-shelf
Commercial off-the-shelf or commercially available off-the-shelf (COTS) products are packaged or canned (ready-made) hardware or software, which are adapted aftermarket to the needs of the purchasing organization, rather than the commissioning of custom-made, or bespoke, solutions. A related term, Mil-COTS, refers to COTS products for use by the U.S. military. In the context of the U.S. government, the Federal Acquisition Regulation (FAR) has defined "COTS" as a formal term for commercial items, including services, available in the commercial marketplace that can be bought and used under government contract. For example, Microsoft is a COTS software provider. Goods and construction materials may qualify as COTS but bulk cargo does not. Services associated with the commercial items may also qualify as COTS, including installation services, training services, and cloud services. COTS purchases are alternatives to custom software or one-off developments – government-funded dev ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Need To Know
The term "need to know", when used by government and other organizations (particularly those related to the military or espionage), describes the restriction of data which is considered very sensitive. Under need-to-know restrictions, even if one has all the necessary official approvals (such as a security clearance) to access certain information, one would not be given access to such information, or read into a clandestine operation, unless one has a specific ''need to know''; that is, access to the information must be necessary for one to conduct one's official duties. This term also includes anyone that the people with the knowledge deemed necessary to share it with. As with most security mechanisms, the aim is to make it difficult for unauthorized access to occur, without inconveniencing legitimate access. Need-to-know also aims to discourage "browsing" of sensitive material by limiting access to the smallest possible number of people. Examples The Battle of Normandy in 1944 ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Discretionary Access Control
In computer security, discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria (TCSEC) as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control). Discretionary access control is commonly discussed in contrast to mandatory access control (MAC). Occasionally, a system as a whole is said to have "discretionary" or "purely discretionary" access control when that system lacks mandatory access control. On the other hand, systems can implement both MAC and DAC simultaneously, where DAC refers to one category of access controls that subjects can transfer among each other, and MAC refers to a second category of access controls that imposes constraint ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Rbac
In computer systems security, role-based access control (RBAC) or role-based security is an approach to restricting system access to authorized users. It is an approach to implement mandatory access control (MAC) or discretionary access control (DAC). Role-based access control is a policy-neutral access-control mechanism defined around roles and privileges. The components of RBAC such as role-permissions, user-role and role-role relationships make it simple to perform user assignments. A study by NIST has demonstrated that RBAC addresses many needs of commercial and government organizations. RBAC can be used to facilitate administration of security in large organizations with hundreds of users and thousands of permissions. Although RBAC is different from MAC and DAC access control frameworks, it can enforce these policies without any complication. Design Within an organization, roles are created for various job functions. The permissions to perform certain operations are assign ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Trusted Path
A trusted path or trusted channel is a mechanism that provides confidence that the user is communicating with what the user intended to communicate with, ensuring that attackers can't intercept or modify whatever information is being communicated. The term was initially introduced by Orange Book. As its security architecture concept, it can be implemented with any technical safeguards suitable for particular environment and risk profile. Examples Electronic signature In Common Criteria and European Union electronic signature standards ''trusted path'' and ''trusted channel'' describe techniques that prevent interception or tampering with sensitive data as it passes through various system components: * ''trusted path'' — protects data from the user and a security component (e.g. PIN sent to a smart card to unblock it for digital signature), * ''trusted channel'' — protects data between security component and other information resources (e.g. data read from a file and sent to ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Guard (information Security)
In information security, a guard is a device or system for allowing computers on otherwise separate networks to communicate, subject to configured constraints. In many respects a guard is like a firewall and guards may have similar functionality to a gateway. Whereas a firewall is designed to limit traffic to certain services, a guard aims to control the information exchange that the network communication is supporting at the business level. Further, unlike a firewall a guard provides assurance that it is effective in providing this control even under attack and failure conditions. A guard will typically sit between a protected network and an external network, and ensure the protected network is safe from threats posed by the external network and from leaks of sensitive information to the external network. A guard is usually dual-homed, though guards can connect more than two networks, and acts as a full application layer proxy, engaging in separate communications on each interf ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
SWIPSY
SWIPSY was a firewall toolkit produced by the Defence Evaluation and Research Agency in the UK (later QinetiQ). The SWIPSY toolkit was an ITSEC E3 (equivalent to Common Criteria EAL4) evaluated product that allowed additional code to be added to its security ‘compartments’ without affecting the evaluation status of the toolkit itself. SWIPSY had security properties that assured network and process separation. In particular processes communicating with one network could not communicate directly with the other network other than by ‘trusted mover agents’ that in turn force data to be passed to the format and content checkers. SWIPSY ran on a Trusted Solaris 8 platform, utilising its Mandatory Access Controls to enforce separation between compartments. SWIPSY, which stood for SWitch IP SecurelY, was used to build an SNMP firewall system called MIDASS. SWIPSY technology was licensed by Clearswift for use in its Deep-Secure line of guard products. SWIPSY was used as the basi ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Penelope
Penelope ( ; Ancient Greek: Πηνελόπεια, ''Pēnelópeia'', or el, Πηνελόπη, ''Pēnelópē'') is a character in Homer's ''Odyssey.'' She was the queen of Ithaca and was the daughter of Spartan king Icarius and naiad Periboea. Penelope is known for her fidelity to her husband Odysseus, despite the attention of more than a hundred suitors during his absence. In one source, Penelope's original name was Arnacia or Arnaea. Etymology Glossed by Hesychius as "some kind of bird" (today arbitrarily identified with the Eurasian wigeon, to which Linnaeus gave the binomial ''Anas penelope''), where () is a common Pre-Greek suffix for predatory animals; however, the semantic relation between the proper name and the gloss is not clear. In folk etymology, () is usually understood to combine the Greek word (), "weft", and (), "face", which is considered the most appropriate for a cunning weaver whose motivation is hard to decipher. Robert S. P. Beekes believed the name ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
