Google
 
   
Login
Username:

Password:


Lost Password?

Register now!
Search

Advanced Search
Main Menu
top books
Polls
What do you think about php-deluxe.net?
Excellent!
Cool
Hmm..not bad
What the hell is this?
encyclopedia
List of Channel 8...
Orderud
Splash Damage
Hongkong Post
Third-generation...
Alphablox
Direct3D vs. OpenGL
recommendation
compare webbrowser
Freenet DSL
Who's Online
5 user(s) are online (5 user(s) are browsing encyclopedia)

Members: 0
Guests: 5

more...
browser tip
Unix Befehle
manual of unix befehle
recommendation!
Sponsored
partner

Bell-La Padula security model

The Bell-La Padula security model, described mathematically by D.E. Bell and L.J. La Padula in the 1970s, is a model for Computer security based on the concept of security subjects and security objects , and the capabilities subjects have to change objects.

Subjects are active agents in the computer, for example users, processes, other computers, i.e. they are entities which can cause change; objects are those entities in a computer which can be changed.

The Bell La Padula model implements protection by defining an ordered series of security levels for subjects and objects, and enforcing a write-up and read-down rule. This means that a subject at a given security level X can only read objects at the same or lower security levels. Similarly a subject at security level X can only write objects at the same or higher security levels.

= Information flow rules =

To understand the rules, let us assume the actors within the system are process (computing)es. Then, the model is based on two simple rules:

  • a process at one level cannot read from processes at higher levels: for example, if we make the analogy to the military, a Private (rank) cannot read the General s top secret documents.
  • a process at one level cannot write to lower levels: using the same analogy, a General cannot tell the Private top secret information.

    • Strictly adhering to this information theoretically protects from information leakage of top secret information..

    = Analysis of the model =

    Whilst the model is simple and theoretically provable to be secure, there are practical issues with the use of the Bell-La Padula model. Information integrity is not assured within this model. The second property allows for information flow inwards towards the system, which lays it susceptible to the introduction of false or inaccurate information.

    Consider a Private who is told that the enemy will attack the beach, when it will in fact will attack by air. The Private writes this false information to the General s attack plans, and the General will then attack the wrong place. The Bell-La Padula model is designed for keeping secrets in, and not for keeping false information out.

    When the integrity of the information is more important, the Biba_Integrity_Model can be used.

    =See also=

    *Bell-LaPadula model

    =Further reading=

    *D. E. Bell and L. J. LaPadula ,Secure Computer Systems: Mathematical Foundations and Model. The Mitre Corporation, 1976. — Original paper by Bell and La Padula. [http://csrc.nist.gov/publications/history/bell76.pdf PDF version].