A model for computer operating system security based on the concept of security subjects and security objects, and the capabilities subjects have to change objects. Subjects are the active agents in the computer, for example users and processes; they are the entities that can cause change. Objects are the entities in a computer that can be changed.
The Bell-LaPadula model implements protection by defining an ordered series of security levels for subjects and objects, and enforcing a write-up and read-down rule. This means that a subject at a given security level X can only read objects at the same or lower security levels. Similarly, a subject at security level X can only write objects at the same or higher security levels.
The Bell-LaPadula Model was developed by David Bell and Len LaPadula in 1973 to formalize the U.S. Department of Defense multilevel security policy.
The model is a formal state transition model of computer security policy that describes a set of access control rules by the use of security labels on objects, from the most sensitive to the least sensitive, and clearances for subjects:
Bell, D. Elliott and LaPadula, Leonard J. "Secure Computer Systems: Unified Exposition and MULTICS Interpretation".
Conversely, users can only view content at or above their own security level (a monk may read a book written by the high priest, but may not read a pamphlet written by a lowly commoner).
As with the Bell-LaPadula security model, the Biba model defines a Simple Security Property and a * (star) property.
The Simple Security Property states that a subject at a given level of integrity may not read an object at a lower integrity level (no read-down).
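The Bell-LaPadula read-down and write-up rules and the Biba Simple Security Property described above, written as access checks in an added example that is not from the original sources. The level names and the `downward_flows` helper are assumptions made for illustration; the helper enumerates every read-then-write path to confirm that the two Bell-LaPadula rules together never let data move to a lower level.

```python
from enum import IntEnum
from itertools import product


class Level(IntEnum):
    # Constructed level names; the model only requires that levels are ordered.
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def blp_can_read(subject, obj):
    """Bell-LaPadula read-down: read objects at the same or a lower level."""
    return obj <= subject


def blp_can_write(subject, obj):
    """Bell-LaPadula write-up: write objects at the same or a higher level."""
    return obj >= subject


def biba_can_read(subject, obj):
    """Biba Simple Security Property: no read-down. The levels are read as
    integrity levels here, reusing the same ordered enum for brevity."""
    return obj >= subject


def downward_flows(can_read, can_write):
    """List every (source, subject, sink) where one subject may read the
    source object and write a sink object at a lower level, i.e. a leak."""
    return [
        (src, subj, sink)
        for src, subj, sink in product(Level, repeat=3)
        if can_read(subj, src) and can_write(subj, sink) and sink < src
    ]


if __name__ == "__main__":
    # With both Bell-LaPadula rules enforced there is no downward path.
    print("BLP leaks:", downward_flows(blp_can_read, blp_can_write))
    # Dropping the write rule (hypothetical misconfiguration) opens paths.
    leaks = downward_flows(blp_can_read, lambda s, o: True)
    print("leaks without the write rule:", len(leaks))
    for src, subj, sink in leaks[:3]:
        print(f"  {subj.name} reads {src.name}, writes {sink.name}")
```

Running the same enumeration with the write rule removed shows why read-down alone is not enough: a subject cleared to read a higher object could copy it into a lower one.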