IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [bell-lapadula]

22 questions
9
votes
3 answers

Why does the ★-property rule of the Bell-LaPadula Model allow information to be stored in objects with HIGHER sensitivity labels?

I'm self-studying for the CISSP exam and am having difficulty wrapping my mind around the practical side of the ★-property rule in the Bell-LaPadula Model. I understand the mechanics of it and that it protects against accidentally downgrading…
Mike B
  • 3,336
  • 4
  • 29
  • 39
8
votes
3 answers

Bell-LaPadula imlementation example

I'm currently studying the Bell-LaPadula model and i need to do an implementation as an example. I understand how the model works, but I have difficulties implementing it in a programming language (for example Java). I consider to have the…
user1019710
  • 81
  • 1
  • 1
  • 3
8
votes
2 answers

Bell-LaPadula and Biba Together

Theoretically, could the Bell-Lapaluda security model be implemented with the Biba integrity model in an Operating System? Or do are they mutually exclusive? [Edit: Follow up from this question on SU]
Rose Kunkel
  • 183
  • 1
  • 4
5
votes
2 answers

Biba and Bell LaPadula together

Can Biba model always be combined with Bell-LaPadula model? What are the issues that arise?Would there be conflicts?How would information flow be affected?
zigglytones
  • 153
  • 1
  • 1
  • 3
4
votes
1 answer

BLP Lattice-structured system from Access Control Matrix

I've been reading a Computer Security book by William Stallings and have found this example of an Access Control Matrix: Any example will do. I just thought I'd screenshot this off CourseSmart. How does one convert an access control matrix like the…
John
  • 41
  • 1
  • 3
4
votes
2 answers

How can the low-water mark property apply to Bell-LaPadula?

I am taking a computer security class, and have a homework problem which has the following setup: Now assume a dynamic version of the Bell-La Padula Confidentiality model that incorporates a suitable version of the low watermark property, where…
Cat
  • 141
  • 5
4
votes
2 answers

Bell-LaPadula no read no write

I'm reading about the Bell-LaPadula model. I understand the Simple Security Property and the Star Property, and I see that the model also incorporates a Discretional Security Property. My question is: Let's imagine that we have one user (U1) and two…
patmuir
  • 41
  • 1
3
votes
2 answers

Access control of Linux and Bell LaPadula Model

I know that access control is a very important think when we want to protect our files and in security in general. Does anyone know what access control system is used by linux? In addition I just found the Bell-LaPadula model, which I find very…
John Smith
  • 143
  • 4
3
votes
1 answer

Are Bell-LaPadula and Biba models used in real big software security design?

I am currently studying both Bell-LaPadula and Biba models, I found this models too theoretical as I see the examples and I can see that there are used for designing particular services that needs particular security design that can be achieved with…
Mauricio Pastorini
  • 133
  • 4
3
votes
1 answer

Covert Channels Exploit and the Bell-LaPadula MAC Model

I'm wrapping my head around Mandatory Access Control (MAC) and the well-known Bell-LaPadula model. One limitation that is mentioned with this model is covert channel exploitation. The one example I have learned is regarding Database Object…
Jonathan
  • 155
  • 2
  • 9
2
votes
1 answer

Can a subject in Bell-LaPadula model write to other files with different compartments but same classification?

my question is based on the post made Toaster which never got a reply (Bell-LaPadula Model Compartments). In BLP If a subject has a classification level General and compartment Land (General, {Land}), would he be able to read/write to (General,…
jefazo92
  • 31
  • 1
2
votes
1 answer

Bell-LaPadula Model Compartments

I'm trying to figure out Bell-LaPadula model and am having a hard time with compartments. If Subject 1 is (SECRET, {C}) and they want to read Document 1 which is (UNCLASSIFIED, {A, B, C}), would they be able to? Read down is accepted in the…
Toaster
  • 21
  • 1
2
votes
1 answer

Does the subject HAVE to dominate the object in order to access the object?

Lets say Paul, is cleared for (TOP SECRET, {A,C}) where top secret is his clearance and A & C privledges. He wants to access a Document classified (Secret,{B,C}).. Top secret trumps Secret but in order for paul to "dominate" the documents…
Ryan
  • 35
  • 1
  • 4
2
votes
1 answer

Putting the Biba-LaPadula Mandatory Access Control Methods to Practise?

Text books on database systems always refer to the two Mandatory Access Control models; Biba for the Integrity objective and Bell-LaPadula for the Secrecy or Confidentiality objective. Text books tend to recommend that a combination of these methods…
Jonathan
  • 155
  • 2
  • 9
2
votes
1 answer

mandatory access control for database security

For mandatory access control, the following rules, due to Bell and La Padula, are imposed: User i can retrieve object j only if the clearance level of i is greater than or equal to the classification level of j. User i can update object j only if…
Ju Ju
  • 39
  • 3
1
2