
Bell–LaPadula model

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by The Anome (talk | contribs) at 06:39, 19 May 2004 (access control). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The Bell-LaPadula Model is a formal state transition model of computer security policy that describes a set of access control rules.

In this formal model, the entities in a computer system are divided into abstract sets of subjects and objects. The notion of a secure state is defined, and it is proven that each state transition preserves security by moving from secure state to secure state, thereby inductively proving that the system is secure.

A system state is defined to be "secure" if the only permitted access modes of subjects to objects are in accordance with a specific security policy. In order to determine whether or not a specific access mode is allowed, the clearance of a subject is compared to the classification of the object, and a determination is made as to whether the subject is authorized for the specific access mode. The clearance/classification scheme is expressed in terms of a lattice.

Features of the model

This security model is directed toward security (rather than data integrity) and is characterized by the phrase: “no read up, no write down”.

With Bell-LaPadula, users can only create content at or above their own security level (secret researchers can create secret or top-secret files but may not create public files). Conversely, users can only view content at or below their own security level (secret researchers can view public or secret files, but may not view top-secret files).
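The two rules and the secure-state idea described above can be written as a small reference monitor. This is an added example, not part of the original article: the level names come from the text, while the compartments, the subject and object names, and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Level names are the ones the article uses, ordered lowest to highest.
LEVELS = {"public": 0, "secret": 1, "top-secret": 2}

@dataclass(frozen=True)
class Label:
    level: str
    # Assumption: need-to-know compartments, which turn the ordering into a
    # lattice (two labels can be incomparable) rather than a simple chain.
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """True if self is at or above other in the lattice."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

def permitted(subject: Label, obj: Label, mode: str) -> bool:
    """Decide a single access request."""
    if mode == "read":   # no read up: clearance must dominate classification
        return subject.dominates(obj)
    if mode == "write":  # no write down: classification must dominate clearance
        return obj.dominates(subject)
    raise ValueError(f"unknown access mode: {mode!r}")

def is_secure_state(accesses, clearance, classification) -> bool:
    """A state is secure when every current (subject, object, mode) is permitted."""
    return all(permitted(clearance[s], classification[o], m)
               for s, o, m in accesses)

def request(accesses, clearance, classification, s, o, m):
    """State transition: grant only permitted requests, so security is preserved."""
    if permitted(clearance[s], classification[o], m):
        return accesses | {(s, o, m)}
    return accesses  # denied: the state is unchanged

# Constructed sample data, not taken from the article.
CLEARANCE = {"researcher": Label("secret", frozenset({"crypto"}))}
CLASSIFICATION = {
    "press-release": Label("public"),
    "lab-notes": Label("secret", frozenset({"crypto"})),
    "war-plan": Label("top-secret", frozenset({"crypto"})),
    "payroll": Label("secret", frozenset({"finance"})),  # incomparable label
}
```

Because "payroll" carries a compartment the researcher lacks and lacks one the researcher holds, neither label dominates the other, and both reading and writing are refused.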

See ITsecurity.com (2003). Bell-LaPadula Security Model. Retrieved May 19, 2004 from http://www.itsecurity.com/dictionary/bell.htm