2

My question is based on the post made by Toaster which never got a reply (Bell-LaPadula Model Compartments). In BLP, if a subject has a classification level General and compartment Land (General, {Land}), would he be able to read/write to (General, {Sea}), which has the same classification but a different compartment?

Also, if he wants to read a file of lower classification AND different compartment, e.g. (Soldier, {Air}), would he be unable to do so because he does not have the same compartment?

jefazo92
  • @D.W. I've read your comment at https://security.stackexchange.com/questions/8683/bell-lapadula-imlementation-example, which is amazingly well explained. Would you mind answering this question for me, given you are a BLP expert? – jefazo92 Jun 15 '22 at 21:27

1 Answer

0

TL;DR - No and No

I'm assuming in your classification system that a "General" has a higher sensitivity level (e.g. Top Secret) than a "Soldier" (e.g. Secret).

> (General, {Land}), would he be able to read/write to (General, {Sea})

No, for both read and write because Land and Sea are separate compartments.

Classification labels are of the form (Sr, Sc), where Sr is a sensitivity and Sc is a set of compartments. We say that (Or, Oc) dominates (Sr, Sc) if (Sr, Sc) <= (Or, Oc). This <= relation is true when:

  • Sr <= Or, where the <= relationship here is with respect to the classified/sensitive/secret/top secret sensitivity classification, and
  • Sc <= Oc, where the <= relationship is a subset relation on sets.

> read a file of lower classification AND different compartment

No again, based on the discretionary control of the compartment. If the object was (Soldier, {Land}), access would be granted, but because it's a different compartment, no.

Even if someone has all the necessary official approvals (such as a security clearance) to access certain information, they should not be given access to such information unless they have a need to know: that is, unless access to the specific information is necessary for the conduct of one's official duties.

References
Multi-level Security
Purdue CS426 Fall 2010 Lecture 21

kenlukas
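The dominance check described in the answer above, as an added example that is not part of the original post. It assumes the ordering Soldier < General (the answer's own assumption) and applies the standard BLP simple-security (read) and *-property (write) rules; `Label`, `dominates`, `can_read`, `can_write` and `evaluate` are hypothetical names.

```python
from dataclasses import dataclass

# Assumed ordering: the answer assumes General outranks Soldier.
LEVELS = {"Soldier": 1, "General": 2}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset

    @classmethod
    def of(cls, level, *compartments):
        return cls(level, frozenset(compartments))


def dominates(a, b):
    """True when b <= a: level(b) <= level(a) and compartments(b) is a subset of compartments(a)."""
    return LEVELS[b.level] <= LEVELS[a.level] and b.compartments <= a.compartments


def can_read(subject, obj):
    # Simple security property (no read up): the subject must dominate the object.
    return dominates(subject, obj)


def can_write(subject, obj):
    # *-property (no write down): the object must dominate the subject.
    return dominates(obj, subject)


def evaluate(subject, obj):
    """Return (read_allowed, write_allowed) for one subject/object pair."""
    return can_read(subject, obj), can_write(subject, obj)


if __name__ == "__main__":
    subject = Label.of("General", "Land")
    # Constructed objects: the three labels from the thread plus one wider label.
    for obj in (
        Label.of("General", "Sea"),
        Label.of("Soldier", "Air"),
        Label.of("Soldier", "Land"),
        Label.of("General", "Land", "Sea"),
    ):
        read, write = evaluate(subject, obj)
        print(f"{obj.level:8} {sorted(obj.compartments)!s:16} read={read} write={write}")
```

Labels with disjoint compartments are incomparable in the lattice, so neither dominates the other and both read and write are refused regardless of level.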