Bell-LaPadula security model

from Wikipedia, the free encyclopedia

The Bell-LaPadula security model is an IT security model and is "considered the first fully formalized" one. It protects the confidentiality of information through a system of enforced rules and thus implements the concept of mandatory access control for IT system security. It should not be possible to read information from a higher protection level or to transfer information from a higher protection level to a lower protection level. Systems based on the Bell-LaPadula principle were mainly used where data is subject to a certain degree of confidentiality. The classic Bell-LaPadula systems have been replaced by lattice- or compartment-based systems, which implement horizontal and vertical classifications (segments).

Background

The security model was developed in 1973 by David Elliott Bell and Leonard J. LaPadula on behalf of the US Air Force. The Bell-LaPadula model primarily protects the confidentiality of data: the main focus is on controlling the flow of information. It should not be possible for confidential information to be passed on to untrustworthy people. This is in contrast to the Biba model, which is a reversal of the Bell-LaPadula model and mainly ensures the integrity of the information flow.

Three rules are checked before each access:

  1. No-read-up or simple security property
    It should not be possible for people with a lower ranking to read information belonging to more trustworthy people.
  2. No-write-down or ★-property
    People with a higher ranking are not allowed to write to files of less trustworthy people. This prevents them from passing information "downwards".
  3. A freely definable access matrix or discretionary security property
    There is a freely definable access control matrix to specify the access of subjects to objects.
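The three checks can be put together in a small reference monitor. The following is an added example, not part of the original article: it goes beyond plain levels and uses the standard dominance relation over (level, compartment set) labels, and all level names, subjects, objects and matrix entries are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed ordering of levels (assumption; the article prescribes none).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        """True if self is at least as high as other and holds all of its compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

class ReferenceMonitor:
    def __init__(self, subjects, objects, matrix):
        self.subjects = subjects  # subject name -> clearance Label
        self.objects = objects    # object name -> classification Label
        self.matrix = matrix      # (subject, object) -> set of granted modes

    def check(self, subject, obj, mode):
        """Return (allowed, rule) for mode 'read' or 'write' (write-only, no read)."""
        if mode not in ("read", "write"):
            raise ValueError(f"unknown access mode: {mode}")
        s, o = self.subjects[subject], self.objects[obj]
        # Rule 3: the discretionary access matrix must grant the mode.
        if mode not in self.matrix.get((subject, obj), set()):
            return False, "discretionary"
        # Rule 1: reading requires the subject to dominate the object.
        if mode == "read" and not s.dominates(o):
            return False, "no-read-up"
        # Rule 2: writing requires the object to dominate the subject.
        if mode == "write" and not o.dominates(s):
            return False, "no-write-down"
        return True, "granted"

# Constructed sample data.
SUBJECTS = {"alice": Label("secret", frozenset({"crypto"})),
            "bob": Label("confidential")}
OBJECTS = {"plan": Label("secret", frozenset({"crypto"})),
           "memo": Label("confidential"),
           "site": Label("secret", frozenset({"nuclear"}))}
MATRIX = {("alice", "plan"): {"read", "write"}, ("alice", "memo"): {"write"},
          ("alice", "site"): {"read"}, ("bob", "plan"): {"read", "write"}}
MONITOR = ReferenceMonitor(SUBJECTS, OBJECTS, MATRIX)

if __name__ == "__main__":
    for request in [("alice", "plan", "read"), ("bob", "plan", "read"),
                    ("alice", "memo", "write"), ("alice", "site", "read")]:
        print(request, MONITOR.check(*request))
```

Note that alice is refused on "site" although both labels are at the same level: the compartment sets are incomparable, which is the horizontal separation that lattice- or compartment-based systems add.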

The term ★-property is said to come from the fact that the authors of the model were so pressed for time that they could not clean up the papers to be submitted, and the asterisk (*) was retained as a placeholder.

Use

Various operating systems (OS) designed for security are based on the Bell-LaPadula model. These operating systems implement the model under the designation Multi-Level Security (MLS). Examples are SELinux, Red Hat Enterprise Linux, IBM z/OS for mainframes and, among others, Trusted Solaris with the integrated Trusted Extensions.

Mathematical principles

  • Each object O is assigned an area of responsibility and a classification (Z(O), E(O))
  • Each subject S is assigned an area of responsibility and an authorization (Z(S), E(S))

Reading objects is only possible if:

Writing objects is only possible if:


Creation of subjects T (e.g. processes):

The following must also apply:

Literature

  • Heinrich Kersten: Introduction to Computer Security. Oldenbourg, Munich et al. 1991, ISBN 3-486-21873-5 (Security in information technology. 3, series of publications, vol. 1).
