Bell LaPadula (was Re: MAC implementation with definable policy)

Peter J. Holzer hjp at wsr.ac.at
Wed Oct 6 10:56:02 GMT 1999


On 1999-09-30 17:38:23 +0400, Ilmar S. Habibulin wrote:
> On Thu, 30 Sep 1999, Peter J. Holzer wrote:
> 
> > the BL model, the officers can only listen to the soldiers, but not
> > talk to them. Makes giving orders rather hard :-)
> Orders are not often confidential. ;-)

Yes, but according to the Bell-LaPadula model, everything that somebody
who has access to confidential information utters is confidential, so in
the BLM, orders are confidential (which doesn't make sense, IMHO).

Let's take a somewhat more computer-oriented example.

Assume we have a database which contains data about individuals (e.g.,
name, age, sex, income, etc.). The data about every single individual is
considered confidential. However, statistical data on the whole database
(e.g., percentage of male/female, distribution of age, income, etc.) is
not considered confidential. As I understand the BLM, it is not possible
to have a program which reads the confidential database, extracts
statistics from it and writes the results to a non-confidential file. 

It is of course possible if you combine BL with capabilities, so you can
grant "read up" or "write down" permissions to the program.

	hp

-- 
   _  | Peter J. Holzer             | Nobody should ever have to be
|_|_) | Sysadmin WSR / Obmann LUGA  | ashamed if they have a secret love
| |   | hjp at wsr.ac.at               | for writing computer programs that
__/   | http://wsrx.wsr.ac.at/~hjp/ | actually work.  -- Donald E. Knuth
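
The statistics-program case from the message above, as an added example that is not part of the original post: a minimal two-level Bell-LaPadula check with optional per-program "read_up" / "write_down" exemptions. The class names, capability strings and file names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1


@dataclass(frozen=True)
class Subject:
    name: str
    level: Level
    # Hypothetical per-program exemptions: "read_up" and/or "write_down".
    caps: frozenset = field(default_factory=frozenset)


@dataclass(frozen=True)
class Obj:
    name: str
    level: Level


def check(subject: Subject, obj: Obj, op: str) -> bool:
    """Return True if Bell-LaPadula (plus any exemption) permits op."""
    if op == "read":
        # Simple security property: no read up.
        return subject.level >= obj.level or "read_up" in subject.caps
    if op == "write":
        # *-property: no write down.
        return subject.level <= obj.level or "write_down" in subject.caps
    raise ValueError(f"unknown operation: {op}")


def run_stats_job(subject: Subject) -> dict:
    """Access decisions for a program that reads the confidential
    database and writes a non-confidential statistics file."""
    db = Obj("people.db", Level.CONFIDENTIAL)       # constructed name
    report = Obj("stats.txt", Level.UNCLASSIFIED)   # constructed name
    return {"read_db": check(subject, db, "read"),
            "write_report": check(subject, report, "write")}


plain = Subject("stats", Level.CONFIDENTIAL)
low = Subject("stats", Level.UNCLASSIFIED)
write_down = Subject("stats", Level.CONFIDENTIAL, frozenset({"write_down"}))
read_up = Subject("stats", Level.UNCLASSIFIED, frozenset({"read_up"}))

if __name__ == "__main__":
    for s in (plain, low, write_down, read_up):
        print(s.level.name, sorted(s.caps), run_stats_job(s))
```

Without an exemption the job fails at either level: the confidential subject cannot write the report and the unclassified subject cannot read the database.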