Page 501 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 501
Permissions Permissions Permissions
Bell-LaPadula Model
The U.S. Department of Defense (DoD) developed the Bell-LaPadula
model in the 1970s to address concerns about protecting classified
information. The DoD manages multiple levels of classified resources,
and the Bell-LaPadula multilevel model was derived from the DoD’s
multilevel security policies. The classifications the DoD uses are
numerous; however, discussions of classifications within the CISSP
Common Body of Knowledge (CBK) are usually limited to unclassified,
sensitive but unclassified, confidential, secret, and top secret. The
multilevel security policy states that a subject with any level of
clearance can access resources at or below its clearance level.
However, within the higher clearance levels, access is granted only on
a need-to-know basis. In other words, access to a specific object is
granted to the classified levels only if a specific work task requires such
access. For example, any person with a secret security clearance can
access secret, confidential, sensitive but unclassified, and unclassified
documents but not top-secret documents. Also, to access a document
within the secret level, the person seeking access must also have a
need to know for that document.
By design, the Bell-LaPadula model prevents the leaking or transfer of
classified information to less secure clearance levels. This is
accomplished by blocking lower-classified subjects from accessing
higher-classified objects. With these restrictions, the Bell-LaPadula
model is focused on maintaining the confidentiality of objects. Thus,
the complexities involved in ensuring the confidentiality of documents
are addressed in the Bell-LaPadula model. However, Bell-LaPadula
does not address the aspects of integrity or availability for objects.
Bell-LaPadula is also the first mathematical model of a multilevel
security policy.
Lattice-Based Access Control
