登录查看更多内容

Is your system tranquil?

David Doret

IT Risk & Cybersecurity: IAM & PAM Manager at BNP Paribas

发布日期: 2021年2月19日

The tranquility property is among those fundamental yet little known concepts in information security.

How often do we see security professionals manipulate security labels like children playing with Pokemon cards during recess? This application is “confidential”, that database is “secret”. But while these labels are shuffled around, do we assure the security of the system state transition? This is when strong and weak tranquility come into play…

Oftentimes, a heated debate is necessary to overcome the limitations of a well-established model in science. This is what happened in the 1980s when a contradictory debate between Bell and McLean on the limitations of the Bell-LaPadula model (and formal security models in general) gave birth to the formalization of the tranquility property.

And even though this research is decades old, it is a highly current theme, especially when considering cloud computing.

I hope this sparked your interest...

Find out more and contribute to the Open-Measure wiki: Tranquility Property.

Or follow the Open-Measure LinkedIn Feed.

要查看或添加评论，请登录

David Doret的更多文章

The Disturbing Silence of Access-Control Misconfigurations

2021年7月20日

The Disturbing Silence of Access-Control Misconfigurations

This story is a work of fiction and any resemblance with your organization is intentional. Bob's Story Bob is an IT…

4 条评论
Cybersecurity and the essence of IT systems: if you don't know what you are defending, you can't protect it

2021年5月20日

Cybersecurity and the essence of IT systems: if you don't know what you are defending, you can't protect it

For more than 12 years, the Center for Internet Security (and formerly the SANS Institute) publishes the widely…

2 条评论
The Necessity of Trust

2021年4月3日

The Necessity of Trust

In this post, I will try to build a small interdisciplinary bridge between cybersecurity and philosophy or social…

1 条评论
The Misery of Orphan Accounts

2021年3月30日

The Misery of Orphan Accounts

There’s much more to know about orphan accounts than may appear at first glance. Let’s consider the following…

7 条评论
The infamous Password Spraying Attack

2021年3月21日

The infamous Password Spraying Attack

I just published a new dictionary entry on the Open-Measure dictionary: Some of you will remember when this brute-force…

7 条评论
Self-Sovereign Identity – There's more to it than Identities on a Blockchain

2021年3月14日

Self-Sovereign Identity – There's more to it than Identities on a Blockchain

A fascinating phenomenon emerged a few years ago in the Identity and Access Management (IAM) field: Self-Sovereign…

2 条评论
But what is a security domain?

2021年3月7日

But what is a security domain?

The term information security domain has many definitions. But one of these is a building block concept that underpins…

2 条评论
Zombie Accounts

2021年2月25日

Zombie Accounts

Writing the Zombie Account entry for the Open-Measure dictionary has been a nice opportunity to dive into the related…
Backward compatibility is the skeleton in the closet of cybersecurity

2019年2月16日

Backward compatibility is the skeleton in the closet of cybersecurity

Backward compatibility really is the skeleton in the closet of cybersecurity. This was once more demonstrated by the…
Guessing game: when was published the following text?

2019年1月2日

Guessing game: when was published the following text?

"One of the problems of dealing with computer equipment is the ever-increasing amount of equipment available and the…

See all articles

Is your system tranquil?

David Doret

IT Risk & Cybersecurity: IAM & PAM Manager at BNP Paribas

David Doret的更多文章

社区洞察

其他会员也浏览了

What does security mean #2: What does security mean for your Cloud resources?

Will GCs Avoid the 'Tragedy of the CIO?'

Understanding Google Cloud KMS PQC Support

Aug & Sep 2023 Roundup | EdgeNext

Architecting the Cloud: A Foundation of Power

Courage

The Future of Privacy & Data Protection in the Cloud

?? Enhancing Security with Azure Bastion ??

David Doret的更多文章

The Disturbing Silence of Access-Control Misconfigurations

Cybersecurity and the essence of IT systems: if you don't know what you are defending, you can't protect it

The Necessity of Trust

The Misery of Orphan Accounts

The infamous Password Spraying Attack

Self-Sovereign Identity – There's more to it than Identities on a Blockchain

But what is a security domain?

Zombie Accounts

Backward compatibility is the skeleton in the closet of cybersecurity

Guessing game: when was published the following text?

社区洞察

其他会员也浏览了

What does security mean #2: What does security mean for your Cloud resources?

Will GCs Avoid the 'Tragedy of the CIO?'

Understanding Google Cloud KMS PQC Support

Aug & Sep 2023 Roundup | EdgeNext

Architecting the Cloud: A Foundation of Power

Courage

The Future of Privacy & Data Protection in the Cloud

?? Enhancing Security with Azure Bastion ??