Computer Science Department
U C Davis

SECURITY LABORATORY SEMINAR
November 25, 1998
1131 ENG II
1:00-2:00

 

In attendance:
Matt Bishop, Tuomas Aura, David O'Brien, Steven Cheung, Brant Hashii, Jim Hoagland, Scott Miller, Nick Puketza, Chriss Wee, Dan Zerkle



Matt Bishop presents the Bell-LaPadula Model

David E. Bell and Leonard La Padula, Secure Computer System: Unified Exposition and Multics Interpretation, ESD-TR-75-306, ESD/AFSC, Hanscom AFB, Bedford, MA (1975) [DTIC AD-A023588]

Security clearance fsc - subject
Security level foc - object

Levels: Top Secret, Secret, Classified, Unclassified
Categories: EUR (Europe), PRES (President), CONG (Congress)

Simple Security Property

Reading is acceptable if L ≥ L′ and C′ ⊆ C
 

Star Property

Writing is acceptable if L ≤ L′ and C ⊆
 

Discretionary Access Control Rules - apply to reading and writing

  1. Mandatory Controls
  2. Discretionary Access Controls
Security clearance fsc (s)
Security level foc (o)
Security compartment fsk (s)
Security compartment fok (o)

P = rights = {read, write, edit, own}
V = state = (b, a, f)
B = matrix who can do what to whom = b ∈ P(S × O × P)
A = Access control matrix of the current system
R = Request = Yes / No / Illegal / Error (not sure which rule applies)
W = set of actions = W ⊆ R × P × V × V

Code for the Simple Security Condition, the Star Property and the Discretionary Access Control Property (see paper)
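
The three checks, sketched as an added example (not the code from the Bell-LaPadula paper and not part of the seminar notes). It uses the levels and categories listed above. The subject, object and matrix entries are constructed, the function names are hypothetical, and the yes/no/error return values are a simplification of the decisions listed under R. The category half of the star property is cut off in the notes, so the example assumes the standard form: the subject's categories must be a subset of the object's.

```python
from dataclasses import dataclass

# Levels from the notes, lowest to highest.
RANK = {"Unclassified": 0, "Classified": 1, "Secret": 2, "Top Secret": 3}

@dataclass(frozen=True)
class Label:
    level: str
    cats: frozenset

    def dominates(self, other):
        # (L, C) dominates (L', C') iff L >= L' and C' is a subset of C.
        return RANK[self.level] >= RANK[other.level] and other.cats <= self.cats

def label(level, *cats):
    return Label(level, frozenset(cats))

def may_read(subj, obj):
    # Simple security property: the subject's label dominates the object's.
    return subj.dominates(obj)

def may_write(subj, obj):
    # Star property: the object's label dominates the subject's (no write-down).
    return obj.dominates(subj)

def decide(s, o, right, clearance, classification, matrix):
    # Mandatory controls first, then the discretionary access matrix.
    if s not in clearance or o not in classification or right not in ("read", "write"):
        return "error"
    mandatory = may_read if right == "read" else may_write
    if not mandatory(clearance[s], classification[o]):
        return "no"
    return "yes" if right in matrix.get((s, o), set()) else "no"

# Constructed sample state (all names are hypothetical).
CLEARANCE = {"alice": label("Secret", "EUR", "CONG"),
             "bob": label("Top Secret", "EUR")}
CLASSIFICATION = {"eur_memo": label("Classified", "EUR"),
                  "pres_brief": label("Top Secret", "EUR", "PRES")}
MATRIX = {("alice", "eur_memo"): {"read", "write"},
          ("alice", "pres_brief"): {"write"},
          ("bob", "pres_brief"): {"read", "write"}}

def ask(s, o, right):
    return decide(s, o, right, CLEARANCE, CLASSIFICATION, MATRIX)

if __name__ == "__main__":
    for s, o in [(s, o) for s in CLEARANCE for o in CLASSIFICATION]:
        print(s, o, {r: ask(s, o, r) for r in ("read", "write")})
```

In the sample state, alice's write to eur_memo is refused by the star property even though the matrix grants it, and bob's read of eur_memo passes the mandatory check but is refused because the matrix has no entry for it.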

16 Rules from MULTICS (see paper)
 

Questions?

Mutual Exclusion? - Can't prevent a subject from having one or another of the categories

How closely does the model match reality? It is possible to break MULTICS