Mandatory Access Control - Associated Models

g33k3r

According to my notes:

MAC - system enforced access control based on subject clearance and object labels. Subject can only access an object if the subject's clearance is equal to or greater than the object's label. Subjects cannot shared objects with other subjects who lack proper clearance or move data to a lower label. Focus is on confidentiality.

The Conrad books states:

The concept of reading down and writing up apply to Mandatory Access Control models such as Bell-LaPadula.

Under the Bell-LaPadula section it mentions:
Simple Security Property - no read up
* Security Property - no write down

Maybe its been the 6 hour days of studying but this seems backwards.

Is Bell-LaPadula the only model that is considered to use MAC?

Initially I thought others such as Biba even though it focuses on Integrity vs. Confidentiality.

Thoughts?

gespenstern

IMO, MAC is any security access control where policies are enforced by a system as opposed to data owner, etc. Both Bell-LaPadula and Biba and (security labels based models also) are examples of MAC implementation.

And it's not backwards as "no read up" implies reading down and "no write down" implies writing up. Think about it, confidential data potentially could be compromised if you write it down (say, ring 0 writes to ring 3, or CISO writes to security analyst). Confidentiality of data can't be compromised if, say, ring 3 writes its data to ring 0 or CISO writes a message to CEO. Also, confidentiality could potentially be compromised if ring 3 somehow finds a way to read ring 0 data or a security analyst reads data that requires CISO level read access. That's confidentiality, i.e. Bell-LaPadula.

For Biba it is vice versa, no write up (in order to avoid compromising integrity of higher level data) and no read down (in order to preserve your level data integrity from being influenced by potentially "dirty" lower level data).

TechGuru80

Generally when you think MAC you are thinking clearance levels i.e. Bell LaPadula. Especially when talking confidentiality. When you talk about integrity you are thinking models like Biba...no read down no write up.

g33k3r

I understand the concept but the converse nature of the words get my mind twisted. Lets see if I can explain it for the two models which are both MAC correct?

Bell-Lapadula (Protects Confidentiality):
- Simple Security Property - No read up. A subject with Secret security clearance cannot read an object with a Top Secret security clearance.
- * Security Property - No write down. A subject with Top Secret clearance cannot write down to an object with Secret security clearance.

Biba (Protects Integrity):
- Simple Integrity Axiom - No read down. A subject with Top Secret clearance cannot read an object with Secret clearance.
- * Integrity Axiom - No write up. A subject with Secret clearance cannot write to an object with Top Secret clearance.

Kelly from Cybrary said, "Down data is dirty" which helps me remember.

I sure hope this makes sense and I am on the money. Maybe I should take a break tonight

TechGuru80

You don't normally hear about models not focusing on confidentially in the same breath as clearance levels. Generally confidentiality is the most important.

Think of it this way....MAC means somebody other than the owner sets the access and generally have some type of clearance or label. Then you have the models that focus on either confidentiality or integrity. See the link below for a few notes. I think you are just over thinking it.

http://www.cis.syr.edu/~wedu/Teaching/cis643/LectureNotes_New/MAC.pdf

g33k3r

I have a tendency to over think a lot of things

This all makes sense. The practice questions sometimes are out of left field which is forcing me to dig a little deeper, but sometime too deep.