- The Bell and LaPadula Model is an example of an Access Control Policy. This is a popular way of conceptualizing and implementing security.
The basic idea is to introduce rules that control what accesses (i.e., actions) subjects may take with respect to objects.
MAC vs. DAC
Specifically, BLP is a mandatory access control system, as distinguished from a discretionary system.
i. Mandatory Access Controls (MAC): rules are enforced on every attempted access, not at the discretion of any system user;
ii. Discretionary Access Controls (DAC): rule enforcement may be waived or modified by some users.
What that means for BLP is that no access is ever allowed unless it satisfies both the Simple Security Property and the *-Property.
Contrast that with the Unix file protection system: Unix implements DAC, since file protections can be modified by a file’s owner.
Access Control Matrix
i. In general, any access control policy can be represented by an access control matrix (ACM). Given all subjects and objects in the system, the matrix shows explicitly what accesses are allowed for each subject/object pair.
 | Object1 | . . . | Objectk |
---|---|---|---|
Subject1 | Ai,Aj | ∅ | |
. . . | | | |
Subjectn | A1 | Ai,Am | |
- BLP Access Control Matrix
i. Suppose we had a BLP system with exactly three subjects and objects with the given labels. Suppose also that H > L.
Subjects | Level | Objects | Level |
---|---|---|---|
Subj1 | ( H, { A,B, C } ) | Obj1 | ( L, { A,B, C } ) |
Subj2 | ( L, {} ) | Obj2 | ( L, {} ) |
Subj3 | ( L, { A,B } ) | Obj3 | ( L, { B, C } ) |
The following is the associated access control matrix:
 | Obj1 | Obj2 | Obj3 |
---|---|---|---|
Subj1 | R | R | R |
Subj2 | W | R, W | W |
Subj3 | W | R | - |
Access Control Matrix
i. As with any access control policy, you could define an ACM for a large Bell and LaPadula system. However, the matrix would be huge for most realistic systems.
ii. The matrix is implicit in the rules (Simple Security and the *-Property), so access permissions can be computed on the fly.
BLP is an example of a class of policies called “access control policies.” BLP is also an example of a mandatory policy in that the rules are enforced on every attempted access.
Any access control policy can be modeled as an explicit matrix.
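The following added example (not part of the original page) shows what "computed on the fly" means: it derives the access control matrix for the three-subject, three-object system above from the labels alone. It assumes the standard dominance-based statements of the two rules, which the page names but does not spell out; the names `Label`, `dominates`, `allowed` and `access_matrix` are chosen for this illustration.

```python
from typing import FrozenSet, NamedTuple

# Ordering of hierarchical levels; the page states only that H > L.
RANK = {"L": 0, "H": 1}

class Label(NamedTuple):
    level: str
    categories: FrozenSet[str]

def dominates(a: Label, b: Label) -> bool:
    """a dominates b: a's level is at least b's and a's categories include b's."""
    return RANK[a.level] >= RANK[b.level] and a.categories >= b.categories

def allowed(subject: Label, obj: Label) -> str:
    """Accesses BLP permits for one subject/object pair, from the labels alone."""
    rights = []
    if dominates(subject, obj):   # Simple Security Property: no read up
        rights.append("R")
    if dominates(obj, subject):   # *-Property: no write down
        rights.append("W")
    return ", ".join(rights) or "-"

def label(level: str, cats: str = "") -> Label:
    # Helper for this example: "ABC" becomes the category set {A, B, C}.
    return Label(level, frozenset(cats))

# Labels copied from the table on this page.
SUBJECTS = {"Subj1": label("H", "ABC"), "Subj2": label("L"), "Subj3": label("L", "AB")}
OBJECTS = {"Obj1": label("L", "ABC"), "Obj2": label("L"), "Obj3": label("L", "BC")}

def access_matrix(subjects, objects):
    """Materialize the matrix that the two rules define implicitly."""
    return {s: {o: allowed(sl, ol) for o, ol in objects.items()}
            for s, sl in subjects.items()}

if __name__ == "__main__":
    matrix = access_matrix(SUBJECTS, OBJECTS)
    print("      " + "  ".join(f"{o:<5}" for o in OBJECTS))
    for s, row in matrix.items():
        print(f"{s:<6}" + "  ".join(f"{row[o]:<5}" for o in OBJECTS))
```

Subj3 and Obj3 get no access in either direction because their category sets {A, B} and {B, C} are incomparable, so neither label dominates the other.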
- The four key access control principles are as follows:
i. Identification: the process of a subject providing the first piece of a credential set.
ii. Authentication: the act of verifying the identity of a subject requesting the use of a system, application, data, resource or network.
iii. Authorization: the act of granting an authenticated subject access to an object.
iv. Accountability: obligations held by an identified individual who is responsible for the safeguarding of specific assets or for their supporting activities.