Bell LaPadula (was Re: MAC implementation with definable policy)

Peter J. Holzer hjp at wsr.ac.at
Thu Oct 7 09:06:37 GMT 1999 

On 1999-10-06 15:40:34 -0700, James Buster wrote:
> On Oct 6, 12:56pm, "Peter J. Holzer" wrote:
> } Yes, but according to the Bell-LaPadula model, everything somebody
> } who has access to confidential information, utters, is confidential,
> } so in the BLM, orders are confidential (which doesn't make sense,
> } IMHO).
>
> It makes perfect sense if you understand that there is nothing
> that enables a computer to disinguish between confidential and
> non-confidential utterances.

I do understand this reasoning. I just don't think the BLM is useful in
the real world except for very limited purposes. In just about every
application I can think of, information has to flow in both directions.
The BLM doesn't allow this if the two processes have different labels.

> } As I understand the BLM, it is not possible to have a program which
> } reads the confidential database, extracts statistics from it and
> } writes the results to a non-confidential file.
>
> And anybody with an understanding of statistics knows that statistical
> information about a confidential information set tells you a lot about
> that set.

That depends on the statistical information. There are lots of
statistical information about large sets of people which are not
confidential. The examples I gave are real. We do have data about
individuals which are confidential (You wouldn't want daily data about
when you were unemployed, when you called in sick, when you were on
holiday, etc. posted on a public web server, would you?). However, the
aggregates over the whole set (e.g., "the average austrian employee
was away sick for $n$ days last year") is not - that kind of data is
published in newspapers. A model which simply doesn't allow that kind of
application is useless for a large part of data processing.

	hp

-- 
   _  | Peter J. Holzer             | Nobody should ever have to be
|_|_) | Sysadmin WSR / Obmann LUGA  | ashamed if they have a secret love
| |   | hjp at wsr.ac.at               | for writing computer programs that
__/   | http://wsrx.wsr.ac.at/~hjp/ | actually work.  -- Donald E. Knuth
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 371 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/posix1e/attachments/19991007/7d7868f1/attachment.bin

More information about the posix1e mailing list