Bell LaPadula

Reference:

The simplest type of confidentiality classification is a set of security clearance, or security classification arranged in a linear (total) ordering. For example, the set below is {TS, S, C, UC}:

-------------------------------------

TOP SECRET (TS)     Tamara, Thomas      Personal Files

SECRET (S)          Sally, Samuel       Electronic Mail Files

CONFIDENTIAL (C)    Claire, Clarence    Activity Log Files

UNCLASSIFIED (UC)   Ulaley, Ursula      Telephone List Files

--------------------------------------

The goal of Bell-LaPadula model:

Prevent information flowing from object with higher security classification to subject with lower security clearance.

Bell-LaPadula security model combines mandatory and discretionary access controls. Were the mandatory controls not present, discretionary ones will take effect.

Let L(S) = l_s be the security clearance of subject S, and let L(O) = l_o be the security classification of object O.

  • READ: from high to low. S can read O if and only if l_o <= l_s and S has discretionary read access to O.
  • Write: from low to high. S can write O if and only if l_o >= l_s and S has discretionary write access to O.
Created Oct 7, 2019 // Last Updated Jul 18, 2021

If you could revise
the fundmental principles of
computer system design
to improve security...

... what would you change?