Question

The context of the question is Bell-La Padula. 

(a) What is the main security goal of the Bell-La Padula model? 

(b) Alice has secret clearance. She can write to both document A and to document B. Alice can read document A but cannot read document B. Determine the security classification for each of the 2 documents. Show your reasoning. 

Answer 1

(Please do rate the answer if you found useful)

5 a) Bell-La Padula Model - It corresponds to military style classification.

Simplest classification is based on linear ordering of security clearances.Clearances represent sensitivity levels of information.

Higher the security clearance higher the sensitivity of information. Subject has security clearance and Object has security classification.

Eg : Security clearance of RAMBO is C (for Confidential) and Security classification of Electronic mail is S (for Secret)

TOP SECRET (TS) WICK,ROCKY Personnel Files

SECRET (S) STEVE,PETER Electronic Mail Files

CONFIDENTIAL (C) RAMBO,JOHN Activity Log Files

UNCLASSIFIED (UC) HARVEY, RACHEL Telephone List Files

Main Goal of Bell-La Padula model is is to prevent information flowing from objects at a security classification higher than a subject’s clearance to that subject

This model combines mandatory and discretionary access control mechanisms.

5 b) Before answering let us see properties of Bell-La Padula Model

Property 1 :  *-Property: S can write to O if and only if O dom S and S has discretionary write access to O.

or in Simple words no "write down"

Property 2 : Simple Security Condition: S can read O if and only if S dom O and S has discretionary read access to O. or in Simple words no "read up"

dom stands for dominates

Let us define a structure like the one above from the given information:

TOP SECRET (TS) Personnel Files (Document B)

SECRET (S) ALICE Electronic Mail Files (Document A)

CONFIDENTIAL (C)     Activity Log Files

UNCLASSIFIED (UC)     Telephone List Files

Since Alice can write and read to document a It is clear that document A has Security classification of SECRET (S) as per the 2 properties given above(no writes down and no read up - this means same level)

Since Alice can write document b and cannot read document B has Security classification of TOPSECRET (TS) as per the 2 properties given above(writing allowed -> document B is either SECRET or TOP SECRET , read not allowed - so it is clear that document B is TOP SECRET)