Bell-LaPadula

CSC 386 – Computer Security
Scott Heggen
Agenda
• Bell-LaPadula Model of Computer Security
Bell-LaPadula (BLP)
• Goals:
• State machine model developed in the 1970s for the analysis of MLS
operating systems.
• Subjects and objects labeled with security levels that form a partial ordering.
• The policy: No information flow from ‘high’ security levels down to ‘low’
security level (confidentiality).
• Only considers information flows that occur when a subject observes or alters
an object.
• Access permissions defined through an access control matrix and security
levels.
State Machine
[Figure: state machine with two states, Off and On]
BLP
[Figure: Read? at the levels Public, Secret, Top Secret, Her Majesty’s Eyes Only. Caption: No Read-up!]
BLP
[Figure: Read? at the levels Public, Secret, Top Secret, Her Majesty’s Eyes Only. Caption: Read-down okay!]
BLP
[Figure: Write? at the levels Public, Secret, Top Secret, Her Majesty’s Eyes Only. Caption: No write-down!]
BLP
[Figure: Write? at the levels Public, Secret, Top Secret, Her Majesty’s Eyes Only. Caption: Write-up okay!]
BLP
• Reading:
• Okay from high-to-low level
• Forbidden from low-to-high level (No Read-up: ss-property)
• Writing:
• Okay from low-to-high level
• Forbidden from high-to-low level (No Write-down: ★-property)
BLP
• Other cases
• Should all “Top Secret” subjects be able to see all “Top Secret” objects?
• The discretionary security property (ds-property) handles individual cases
Implementing BLP
• Scenario:
• Create four people: Larry, Curly, Moe, and Shemp
• Give each person a security level:
• Moe – Her Majesty’s Eyes Only
• Larry – Top Secret
• Curly – Secret
• Shemp – Public
• Modify the blpmain.py program so that it:
• Allows any person to create a file. The file should include the creator’s security level (so you can check it later).
• Allows each person to READ files at or below their security level
• Allows each person to WRITE (append) to a file at or above their security level
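The ss-property and ★-property checks from the slides, applied to this scenario, as an added example (this is not the course's blpmain.py). BLPStore, attempt, demo, the in-memory file store and the "level=" header format are assumptions made for illustration; only the names and levels come from the slides.

```python
from enum import IntEnum

class Level(IntEnum):  # total order, lowest to highest, as on the slides
    PUBLIC = 0
    SECRET = 1
    TOP_SECRET = 2
    HER_MAJESTYS_EYES_ONLY = 3

CLEARANCE = {"Moe": Level.HER_MAJESTYS_EYES_ONLY, "Larry": Level.TOP_SECRET,
             "Curly": Level.SECRET, "Shemp": Level.PUBLIC}

class BLPStore:
    """In-memory stand-in for a directory of labeled files (hypothetical helper)."""
    def __init__(self):
        self.files = {}  # name -> full text; line 1 is the label header

    def _label(self, name):
        # Trust only line 1 as the label: appends land after it and cannot relabel.
        return Level[self.files[name].split("\n", 1)[0].split("=", 1)[1]]

    def create(self, subject, name):
        if name in self.files:
            raise FileExistsError(name)  # re-creating would relabel the file
        self.files[name] = f"level={CLEARANCE[subject].name}\n"

    def read(self, subject, name):
        # ss-property: subject level must dominate object level (no read-up).
        if CLEARANCE[subject] < self._label(name):
            raise PermissionError(f"{subject} may not read up to {name}")
        return self.files[name].split("\n", 1)[1]

    def append(self, subject, name, text):
        # ★-property: object level must dominate subject level (no write-down).
        if self._label(name) < CLEARANCE[subject]:
            raise PermissionError(f"{subject} may not write down to {name}")
        self.files[name] += text + "\n"

def attempt(op, *args):
    try:
        return op(*args)
    except PermissionError:
        return "denied"

def demo():
    store = BLPStore()
    store.create("Curly", "plans.txt")          # labeled SECRET
    store.append("Shemp", "plans.txt", "tip")   # write-up: allowed
    reads = {who: attempt(store.read, who, "plans.txt") for who in CLEARANCE}
    return reads, attempt(store.append, "Moe", "plans.txt", "x")  # Moe writing down
```

Append is a blind write: Shemp can add to Curly's Secret file but still cannot read it back, which is why write-up does not leak information downward.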