Bell LaPadula (was Re: MAC implementation with definable policy)

Ilmar S. Habibulin ilmar at ints.ru
Thu Oct 7 14:22:26 GMT 1999


On Thu, 7 Oct 1999, Peter J. Holzer wrote:

> I do understand this reasoning. I just don't think the BLM is useful in
> the real world except for very limited purposes. In just about every
> application I can think of, information has to flow in both directions.
> The BLM doesn't allow this if the two processes have different labels.

BLM is a very old model. And it is perfect for describing secret document
processing. Documents are files. The DBMS is a child of progress, and there
is no such object in document processing which can be put in place of a
DB or a simple table. Yes, there are some tables, but they are all
documents. And you have to work with them as with documents.

> That depends on the statistical information. There is a lot of
> statistical information about large sets of people which is not
> confidential. The examples I gave are real. We do have data about
> individuals which are confidential (You wouldn't want daily data about
> when you were unemployed, when you called in sick, when you were on
> holiday, etc. posted on a public web server, would you?). However, the
> aggregates over the whole set (e.g., "the average Austrian employee
> was away sick for $n$ days last year") are not - that kind of data is
> published in newspapers. A model which simply doesn't allow that kind of
> application is useless for a large part of data processing.

You should use another model here; DAC is enough, I suppose. This is not
secret document processing. For a MAC implementation in a DBMS you may read
the rainbow book; sorry, I don't remember the color. ;-)
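
The restriction argued over in this thread, as an added example that is not part of the original message: a minimal Bell-LaPadula check in Python showing that two-way flow needs equal labels and that a process able to read confidential records cannot write an aggregate to a public object. The level names, the "personnel" category and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sensitivity ordering (assumption, not from the thread).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other):
        # Lattice order: level at least as high AND a superset of categories.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

def can_read(subject, obj):
    # Simple security property: no read up.
    return subject.dominates(obj)

def can_write(subject, obj):
    # *-property: no write down.
    return obj.dominates(subject)

def can_flow(src, dst):
    # Information may move from src to dst only if dst dominates src.
    return dst.dominates(src)

def two_way(a, b):
    # Bidirectional flow requires each label to dominate the other,
    # which in a lattice means the labels are equal.
    return can_flow(a, b) and can_flow(b, a)

def publish_aggregate(process, records, output):
    # The aggregating process must read the records and write the output.
    return can_read(process, records) and can_write(process, output)

# Constructed labels for the sick-leave statistics case from the quoted text.
PUBLIC = Label("unclassified")
PERSONNEL = Label("confidential", frozenset({"personnel"}))

if __name__ == "__main__":
    print("two-way PUBLIC<->PERSONNEL:", two_way(PUBLIC, PERSONNEL))
    print("aggregate to public file:",
          publish_aggregate(PERSONNEL, PERSONNEL, PUBLIC))
    print("aggregate kept at same label:",
          publish_aggregate(PERSONNEL, PERSONNEL, PERSONNEL))
```

Releasing the aggregate under this model needs something outside the two rules, such as a trusted downgrader, which is the gap the quoted objection points at.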
