CSC 386 – Computer Security
Scott Heggen

Agenda
• Bell-LaPadula Model of Computer Security

Bell-LaPadula (BLP)
• Goals:
  • State machine model developed in the 1970s for the analysis of MLS operating systems.
  • Subjects and objects labeled with security levels that form a partial ordering.
  • The policy: No information flow from ‘high’ security levels down to ‘low’ security level (confidentiality).
  • Only considers information flows that occur when a subject observes or alters an object.
  • Access permissions defined through an access control matrix and security levels.

State Machine
[Figure: state machine with two states, Off and On]

BLP
[Figure: "Read?" arrows across the levels Public, Secret, Top Secret, Her Majesty’s Eyes Only. Caption: No Read-up!]

BLP
[Figure: "Read?" arrows across the levels Public, Secret, Top Secret, Her Majesty’s Eyes Only. Caption: Read-down okay!]

BLP
[Figure: "Write?" arrows across the levels Public, Secret, Top Secret, Her Majesty’s Eyes Only. Caption: No write-down!]

BLP
[Figure: "Write?" arrows across the levels Public, Secret, Top Secret, Her Majesty’s Eyes Only. Caption: Write-up okay!]

BLP
• Reading: No Read-up (ss-property)
  • Okay from high-to-low level
  • Forbidden from low-to-high level
• Writing: No Write-down (★-property)
  • Okay from low-to-high level
  • Forbidden from high-to-low level

BLP
• Other cases
  • Should all “Top Secret” subjects be able to see all “Top Secret” objects?
  • The discretionary security property (ds-property) handles individual cases

Implementing BLP
• Scenario:
  • Create four people: Larry, Curly, Moe, and Shemp
  • Give each person a security level:
    • Moe – Her Majesty’s Eyes Only
    • Larry – Top Secret
    • Curly – Secret
    • Shemp – Public
  • Modify the blpmain.py program so that it:
    • Allows any person to create a file. The file should include the creator’s security level (so you can check it later).
    • Allow each person to READ files at or below their security level
    • Allow each person to WRITE (append) to a file at or above their security level
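
The scenario above as a reference monitor that enforces the ss-, ★- and ds-properties, added here as an example (it is not the course's blpmain.py). The Monitor class, its method names, the in-memory file store and the access matrix that starts fully permissive are assumptions.

```python
from enum import IntEnum

class Level(IntEnum):
    # Total order used on the slides, lowest to highest.
    PUBLIC = 0
    SECRET = 1
    TOP_SECRET = 2
    EYES_ONLY = 3  # "Her Majesty's Eyes Only"

# Subjects and clearances from the scenario.
CLEARANCE = {"Moe": Level.EYES_ONLY, "Larry": Level.TOP_SECRET,
             "Curly": Level.SECRET, "Shemp": Level.PUBLIC}

class Monitor:
    """Hypothetical in-memory monitor; every access goes through check()."""

    def __init__(self):
        self.label = {}   # file name -> Level of its creator
        self.data = {}    # file name -> list of appended lines
        self.matrix = {}  # (subject, file name) -> set of rights

    def create(self, subject, name):
        if name in self.label:  # re-creating would silently relabel the file
            raise FileExistsError(name)
        self.label[name] = CLEARANCE[subject]
        self.data[name] = []
        for s in CLEARANCE:  # assumption: matrix starts fully permissive
            self.matrix[(s, name)] = {"read", "append"}

    def revoke(self, subject, name, right):
        self.matrix[(subject, name)].discard(right)

    def check(self, subject, name, right):
        subj, obj = CLEARANCE[subject], self.label[name]
        if right not in self.matrix[(subject, name)]:
            return False        # ds-property: matrix must allow it
        if right == "read":
            return subj >= obj  # ss-property: no read-up
        if right == "append":
            return subj <= obj  # star-property: no write-down
        return False            # unknown rights are denied

    def read(self, subject, name):
        if not self.check(subject, name, "read"):
            raise PermissionError(f"{subject} may not read {name}")
        return list(self.data[name])

    def append(self, subject, name, text):
        if not self.check(subject, name, "append"):
            raise PermissionError(f"{subject} may not append to {name}")
        self.data[name].append(text)
```

Appending is a blind write: a subject that may append to a higher-level file still cannot read back what it wrote there.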