Alex,
I've cc: this to the firewalls mailing list since I it was there I first
asked about the Bell-LaPadula model, just over four years ago. Perhaps this
is a FAQ?
It's very hard to find information about the Bell-LaPadula model. The best
reference I know about is a large part of a chapher in "Information Security
Handbook, Caelli, Longley, & Slain, 1994, Macmillan Press, ISBN
0-333-59901-2" (a really great book!).
A reference is also in the Orange Book (also known as DoD 5200.28-STD,
Department of Defense Trusted Computer System Evaluation Criteria (TCSEC)).
Lots of copies of orange book exist over then net.
I don't truely understand the model, but I hope this is will get you
started....
A Quick summary of Bell La-Padula:
Is a Mandatory Access Control which is governed by strict rules for subjects
(an active entity) to access stored information or objects (sets of passive,
protected entities), but have provision for Dicretionary Access Control via
an Access Permissino Matrix.
- military based
- concerned with the confidentiality of information
- requires subject and object definition
- requires clearance and classifications to be given to both subjects and
objects
- policies need to be defined for accesses made to objects by subjects
- assumes integrity of subjects
- applicable to not only somputer security - but to physical and procedural
security
- defines two security axioms:
(1) simple security rule (no read up)
a subject cannot read information for which it is not cleared
(2) (star)*-property (no write down)
subjects cannot move information from an object with a higher
classification to an object with a lower classification
- four modes for current access set are defined:
- execute
- read-only
- append
- read-write
- hierarchy structure imposed on objects
- an object can have many children
- a child object can have only one parent
- the embodiment of the mandatory access control model is done by the level
function:
- subjects and objects are given a security designation
(classification/clearances, set of categories)
- both classification and clearances have a coarse hierarchy
(Top Secret -> Secret -> Confidential -> Unclassified)
- uses a category set (to better fine tune the function)
(subject can be designated as having the clearance
of (secret{cryptology,finance}) for example)
(however is requires a need for overlap in the categories
sub-section)
- the concept of dominance for security designation is introduced
(the clearance of subject A would dominate over subject B, if
and only if (1) subject A's clearance is >= subject B's clearance
AND (2) the category set in subject A's level function set
includes subject B's category set as a subset)
- discretionary access control via the access permission matrix
- a large simple matrix (and sparse) is created with subjects
and objects as rows and columns
- a subject is able to give acces rights to objects owned
to another subject
- in practice it is necessary to specify trusted systems that are allowed to
contravene the *-property in order to perform functions essential to the
operating system (classic example would be a print spooler).
Gavin.
P.S. I would would like the reference URL, so I can place some information
there since I've been getting requests every now and then.
Alexandre wrote:
>
> I'm looking for information on the Bell-LaPadula Security Model (? if
> that is the correct name for it). I've come across this referance under
> guidlines on filtering on security labels (I'm unsure if this is a
> referance to the security label in a IP header or something else, hense
> this request).
>
> Gavin.
>
> Hello Gavin, I found your request because I am also looking for
> infromations for Bell LaPAdula Model and how to implement it (real
> world).
> I am doing this for my MSC by research.
> If you have got informations, would you mind you pass them to me?
> Thank you.
> Alexandre Deo.
>
> -------------------
> [EMAIL PROTECTED]
--
Gavin Longmuir
RSA PGP fingerprint: 6E 68 B6 D7 37 46 BA 3C 04 D7 44 B6 EB 15 3D BA
Join the Internet Society of Australia and help shape tomorrow's world
http://www.isoc-au.org.au/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
