|
|
|
|
|
Bell-la Padula Security ModelThe Bell-La Padula security model is a way of organizing information flow between objects or actors within separate security levels within some computing system. Information flow rules Let us assume the actors within the system are processes. Then, the model is based on two simple rules: - a process at one level cannot read from processes at higher levels: for example, if we make the analogy to the military, a Private cannot read the General's top secret documents.
- a process at one level cannot write to lower levels: using the same analogy, a General cannot tell the Private top secret information.
Strictly adhering to this information theoretically protects from information leakage of top secret information. Analysis of the model Whilst the model is simple and theoretically provable to be secure, there are practical issues with the use of the Bell-La Padula model. Information integrity is not assured within this model. The second property allows for information flow inwards towards the system, which lays it susceptible to the introduction of false or inaccurate information. Consider a Private who is told that the enemy will attack the beach, when it will in fact will attack by air. The Private writes this false information to the General's attack plans, and the General will then attack the wrong place. The Bell-La Padula model is designed for keeping secrets in, and not for keeping false information out. When the integrity of the information is more important, the Biba security model can be used.
|
 |
|
| Copyright 2005-2009 OnPedia.com. All Rights Reserved |
|
|