Bell LaPadula (was Re: MAC implementation with definable policy)

James Buster bitbug at seal.engr.sgi.com
Wed Oct 6 22:40:34 GMT 1999


On Oct 6, 12:56pm, "Peter J. Holzer" wrote:
} Yes, but according to the Bell-LaPadula model, everything somebody who
} has access to confidential information, utters, is confidential, so in
} the BLM, orders are confidential (which doesn't make sense, IMHO).

It makes perfect sense if you understand that there is nothing that
enables a computer to distinguish between confidential and non-confidential
utterances. Further, how do you know that an allegedly non-confidential
utterance doesn't contain confidential information within it? Given that,
anything that a person with access to confidential information utters is
itself confidential, unless and until that utterance is cleared by the
powers that be (in other words, until that data is downgraded by the
System Security Officer).

} As I understand the BLM, it is not possible to have a program which
} reads the confidential database, extracts statistics from it and writes
} the results to a non-confidential file. 

And anybody with an understanding of statistics knows that statistical
information about a confidential information set tells you a lot about
that set. That's why traffic analysis is such an important part of
spy operations (knowing who you speak to and in what pattern is as
important as knowing what you spoke about).

-- 
Planet Bog -- pools of toxic chemicals bubble under a choking
atmosphere of poisonous gases... but aside from that, it's not
much like Earth.
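
[Added example, not part of the original message or of any posix1e code.] A minimal two-level Bell-LaPadula reference monitor for the statistics-program case discussed above: the program reads the confidential database, is refused a direct write to a non-confidential file, and its result becomes releasable only after the System Security Officer downgrades it. All names (Level, Obj, Subject, read, write, downgrade, stats_scenario) are hypothetical, the data is constructed, and the current level that floats up on read is a modelling assumption.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
class Denied(Exception):
    """Raised when the reference monitor refuses an access."""
@dataclass
class Obj:
    level: Level
    data: str = ""
@dataclass
class Subject:
    clearance: Level
    current: Level = Level.UNCLASSIFIED  # assumption: rises as data is read
    is_sso: bool = False                 # System Security Officer role

def read(s, o):
    if o.level > s.clearance:            # simple security property: no read up
        raise Denied("read up")
    s.current = max(s.current, o.level)  # everything s utters is now at this level
    return o.data
def write(s, o, data):
    if o.level < s.current:              # *-property: no write down
        raise Denied("write down")
    o.data = data
def downgrade(s, o, new_level):
    if not s.is_sso:                     # only the SSO may relabel data
        raise Denied("not the SSO")
    o.level = new_level

def stats_scenario():
    db = Obj(Level.CONFIDENTIAL, "100,200,300")  # constructed sample data
    public = Obj(Level.UNCLASSIFIED)
    report = Obj(Level.CONFIDENTIAL)
    prog = Subject(Level.CONFIDENTIAL)
    sso = Subject(Level.CONFIDENTIAL, is_sso=True)
    rows = [int(x) for x in read(prog, db).split(",")]
    mean = str(sum(rows) // len(rows))
    try:
        write(prog, public, mean)        # the write the quoted text asks about
        direct = "allowed"
    except Denied:
        direct = "denied"
    write(prog, report, mean)            # same level: permitted
    downgrade(sso, report, Level.UNCLASSIFIED)  # explicit release decision
    return direct, report.level, report.data, public.data

if __name__ == "__main__":
    print(stats_scenario())
```

The monitor never inspects the contents of the mean; the label follows what the subject has read, and only the explicit downgrade changes it.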