PORTIA: Of a strange nature is the suit you follow;
Yet in such rule that the Venetian law
Cannot impugn you as you do proceed.
[To Antonio.] You stand within his danger, do you not?
– The Merchant of Venice, IV, i, 177–180
Book: Computer Security, Art and Science, By Matt Bishop, 2nd edition.
A security policy defines “secure” for a system or a set of systems.
A security policy is a statement that partitions the states of the system into a set of authorized, or secure, states and a set of unauthorized, or nonsecure, states.
A confidentiality policy, also called an information flow policy, prevents unauthorized disclosure of information. Unauthorized alteration of information is secondary. For example, the navy must keep confidential the date on which a troop ship will sail. If the date is changed, the redundancy in the systems and paperwork should catch that change. But if the enemy knows the data of sailing, the ship could be sunk.
Bell-LaPadula Model
Reference: Computer Security, Art and Science/ By Matt Bishop, 2nd edition. The simplest type of confidentiality classification is a set of security clearance, or security classification arranged in a linear (total) ordering. For example, the set below is {TS, S, C, UC}: ------------------------------------- TOP SECRET (TS) Tamara, Thomas Personal Files SECRET (S) Sally, Samuel Electronic Mail Files CONFIDENTIAL (C) Claire, Clarence Activity Log Files UNCLASSIFIED (UC) Ulaley, Ursula Telephone List Files -------------------------------------- The goal of Bell-LaPadula model:
If you could revise
the fundmental principles of
computer system design
to improve security...
... what would you change?