A security model maps the abstract goals of the policy to information system terms by specifying explicit data structures and techniques necessary to enforce the security policy.
A security policy outlines goals without regard to how they will be accomplished. A model is a framework that gives the policy form and solves security access problems for particular situations.
Bell-LaPadula Model
The Bell-LaPadula model enforces the confidentiality aspects of access control. A system that employs the Bell-LaPadula model is called a multilevel security system because users with different clearances use the system, and the system processes data at different classification levels.
The Bell-LaPadula model was developed to make sure secrets stay secret; thus, it provides and addresses confidentiality only.
Three main rules are used and enforced in the Bell-LaPadula model:
- Simple security rule
- *-property (star property) rule
- Strong star property rule
The simple security rule states that a subject at a given security level cannot read data that resides at a higher security level.
The *-property rule (star property rule) states that a subject in a given security level cannot write information to a lower security level.
The strong star property rule states that a subject who has read and write capabilities can only perform both of those functions at the same security level; nothing higher and nothing lower.
剩余内容请看本人公众号debugeeker, 链接为CISSP考试指南笔记:3.5 安全模型
