Comparing Bell-LaPadula and Biba Models
You have already learned a lot about the Bell-LaPadula and Biba models, but this article will provide some information that has not yet been addressed. View the sections on the Bell-LaPadula and Biba models and compare the two models while you read. What are the rules of each model? When was each model developed? Do the models have other similarities?
- It was the first mathematical model with a multilevel security policy that is used to define the concept of a secure state machine and models of access and outlined rules of access.
- It is a state m/c model that enforces the confidentiality aspects of the access model.
- The model focuses on ensuring that the subjects with different clearances(top secret, secret, confidential) are properly authenticated by having the necessary security clearance, need to know, and formal access approval before accessing an object that is under different classification levels (top secret, secret, confidential).
- The rules of Bell-Lapadula model
- Simple security rule (no read up rule): It states that a subject at a given security level can not read data that resides at a higher security level.
- Star property rule (no write down rule): It states that a subject at a given security level can not write information to lower security levels.
- Strong star property rule: It states a subject that has read and write capabilities can only perform those functions at the same security level, nothing higher and nothing lower.
- Tranquility principle: subjects and objects can not change their security levels once they have been instantiated (created).
- All MAC systems are based on the Bell – Lapadula model because of its multilevel security.
- Designed US govt and mostly adopted by govt agencies
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.