Access Control Models: Comparing Subject Clearance to Object Classification | SSCP Exam Prep

Subject Clearance and Object Classification in Security Models

Question

In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place?

Answers

Explanations

A. B. C. D.

A.

The Bell-LaPadula model is also called a multilevel security system because users with different clearances use the system and the system processes data with different classifications. It was developed by the US military in the 1970s.

A security model maps the abstract goals of the policy to information system terms by specifying explicit data structures and techniques necessary to enforce the security policy.

A security model is usually represented in mathematics and analytical ideas, which are mapped to system specifications and then developed by programmers through programming code.

So we have a policy that encompasses security goals, such as "each subject must be authenticated and authorized before accessing an object." The security model takes this requirement and provides the necessary mathematical formulas, relationships, and logic structure to be followed to accomplish this goal.

A system that employs the Bell-LaPadula model is called a multilevel security system because users with different clearances use the system, and the system processes data at different classification levels.

The level at which information is classified determines the handling procedures that should be used.

The Bell-LaPadula model is a state machine model that enforces the confidentiality aspects of access control.

A matrix and security levels are used to determine if subjects can access different objects.

The subject's clearance is compared to the object's classification, and then specific rules are applied to control how subject-to-object interactions can take place.

Reference(s) used for this question: Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 369). McGraw-Hill. Kindle Edition.

The security model described in the question is the Bell-LaPadula model, also known as the multilevel security model. The model is designed to enforce confidentiality policies, by defining access control rules based on the sensitivity of the information being accessed.

In the Bell-LaPadula model, information is classified into levels of sensitivity, typically represented as a hierarchy. Subjects, which are typically users or processes, are assigned a clearance level, which represents the maximum level of sensitivity they are allowed to access. Objects, which are typically files or resources, are assigned a classification level, which represents the sensitivity of the information they contain.

The model enforces two fundamental security rules: the Simple Security Property (SSP) and the *-Property. The SSP states that a subject can read an object only if the object's classification level is less than or equal to the subject's clearance level. This rule ensures that information is not disclosed to unauthorized subjects. The *-Property states that a subject can write to an object only if the object's classification level is greater than or equal to the subject's clearance level. This rule ensures that information is not modified by unauthorized subjects.

The Bell-LaPadula model also includes rules for mandatory access control, which can be used to enforce additional security policies. For example, the model can be extended to prevent subjects from copying information from objects with a higher classification level to objects with a lower classification level, which is known as the "no write down" policy.
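The read and write rules described above, together with the access matrix, can be expressed as a small reference monitor. This is an added example, not code from the exam guide or the original page; the level names, subjects, objects, matrix entries and the order of the checks are constructed assumptions.

```python
from enum import IntEnum

class Level(IntEnum):
    # Constructed hierarchy for illustration; a higher value is more sensitive.
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

# Constructed sample data: subject clearances and object classifications.
CLEARANCE = {"alice": Level.SECRET, "bob": Level.CONFIDENTIAL}
CLASSIFICATION = {
    "press_release.txt": Level.UNCLASSIFIED,
    "ops_plan.doc": Level.SECRET,
    "source_list.db": Level.TOP_SECRET,
}
# Constructed access matrix: rights granted per (subject, object) pair.
MATRIX = {
    ("alice", "press_release.txt"): {"read", "write"},
    ("alice", "ops_plan.doc"): {"read", "write"},
    ("alice", "source_list.db"): {"read", "write"},
    ("bob", "press_release.txt"): {"read"},
    ("bob", "ops_plan.doc"): {"read"},
}

def decide(subject, obj, op):
    """Return (allowed, reason) for op 'read' or 'write'; unknown names are denied."""
    if op not in ("read", "write"):
        raise ValueError(f"unknown operation: {op!r}")
    clearance = CLEARANCE.get(subject)
    classification = CLASSIFICATION.get(obj)
    if clearance is None or classification is None:
        return False, "unknown subject or object"
    # Assumed order: matrix entry first, then the level comparison.
    if op not in MATRIX.get((subject, obj), set()):
        return False, "not granted in access matrix"
    if op == "read" and classification > clearance:
        return False, "simple security property: no read up"
    if op == "write" and classification < clearance:
        return False, "*-property: no write down"
    return True, "permitted"

if __name__ == "__main__":
    for s, o, op in [("alice", "ops_plan.doc", "read"),
                     ("alice", "source_list.db", "read"),
                     ("alice", "press_release.txt", "write"),
                     ("alice", "source_list.db", "write"),
                     ("bob", "ops_plan.doc", "read")]:
        print(s, op, o, "->", decide(s, o, op))
```

Alice's write to `source_list.db` is permitted even though she cannot read it: the level checks restrict where information can flow, which is the confidentiality focus the page describes.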

In summary, the Bell-LaPadula model is a security model that enforces access control based on the sensitivity of information being accessed, by comparing the clearance level of subjects to the classification level of objects. The model is designed to ensure confidentiality and includes rules for mandatory access control.