Bell-LaPadula

pandimus Member Posts: 651
Can someone give me a good link describing this model? I couldn't find anything useful except a definition. I read a post where someone was saying this was on the exam; I can find it in my all-in-one book.

thanks
Xinxing is the hairy one.

Comments

  • RussS Member Posts: 2,068
  • pandimus Member Posts: 651
    My bad, didn't realize we had a technote here..

    But thank both of you.
    Xinxing is the hairy one.
  • JDMurray Admin Posts: 13,031
    For the Security+ exam, make sure you know the (minor) differences between the Lattice and Bell-LaPadula models and how they relate to the MAC access control model. There will be one or two questions on it.
  • pandimus Member Posts: 651
    Cool.. Thanks, I will check it out..
    Xinxing is the hairy one.
  • RussS Member Posts: 2,068
    And remember .... Bell-LaPadula is ...... wait for it ...

    a RULE based access model ;)
    www.supercross.com
    FIM website of the year 2007
  • pandimus Member Posts: 651
    When I get a good chance to study this theory, I will tell you if I remotely understand what you just said.. hehe
    Xinxing is the hairy one.
  • Webmaster Admin Posts: 10,292
    Note that Bell LaPadula uses primarily Mandatory Access Controls, BLP developed the early MAC. CompTIA uses three primary categories, which are MAC, DAC and RoleBAC (RuleBAC may turn up in the exam though...).

    Although it's also described in the TechNote I mentioned above, also check out this post for more detailed information:
    www.techexams.net/forums/viewtopic.php?t=3069
  • RussS Member Posts: 2,068
    Thanks for popping that in Johan. After our conversation I was meaning to post about how BLP uses RULES, but is NOT .... RBAC as in CompTIA's definition. Role Based Access Control.
    The technotes actually explain this fairly well :)
    www.supercross.com
    FIM website of the year 2007
  • Webmaster Admin Posts: 10,292
    You're welcome Russ and thanks :)

    And you're right, a lot of what is going on in the BLP model is based on rules. For the CompTIA exam it is important to know BLP is MAC 'just' because an admin sets the controls and the labels (again, not entirely accurate because BLP includes a DAC property...), and therefore dictates the outcome of the rules. Perhaps the term Rule-Based-Mandatory Access Control model would be more in place. But then again, Rule-Based Access Control is usually considered as a 'type of MAC' :|
  • robocal2 Member Posts: 6
    I thought I understood but I am confused again....
    If Lattice and BLP are so closely related with 'minor' differences, would MAC be Lattice or BLP?
  • JDMurray Admin Posts: 13,031
    Both Lattice and BLP are MAC-based models. BLP and Lattice are practically the same models, but BLP is a bit stricter in that a user is not permitted to write into a document with a lower security level than the user’s own security level. Lattice therefore does not prevent disclosure of higher-level information to lower-level users, but BLP does.

    For example, let's say I have Admin privileges, and I have access to a document that only Admins can read. Under Lattice, I can create a new document with a lower privilege level, and then copy the data from the Admin-level document to this new, lower-level document. Lower-level users can now read the Admin-only information from this new document. Under BLP this is not possible.
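
The copy scenario from the post above, as an added example that is not part of the original thread: a minimal Bell-LaPadula check in Python with the simple security property (no read up) and the *-property (no write down), run with and without the write rule. The level names, the `hr`/`finance` categories and the `copy_document` helper are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed ordering of security levels (assumption, not from the thread).
LEVELS = {"public": 0, "user": 1, "admin": 2}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice ordering: level is >= and categories are a superset."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def can_read(subject: Label, obj: Label) -> bool:
    # Simple security property: a subject may not read up.
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    # *-property: a subject may not write down, so the object's
    # label must dominate the subject's label.
    return obj.dominates(subject)


def copy_document(subject: Label, src: Label, dst: Label,
                  enforce_star: bool = True) -> bool:
    """Return True if subject may copy the contents of src into dst."""
    if not can_read(subject, src):
        return False
    if enforce_star and not can_write(subject, dst):
        return False
    return True


# Constructed labels matching the scenario in the post.
ADMIN = Label("admin")
ADMIN_DOC = Label("admin")
LOW_DOC = Label("user")

if __name__ == "__main__":
    print("read rule only:", copy_document(ADMIN, ADMIN_DOC, LOW_DOC, enforce_star=False))
    print("read + *-property:", copy_document(ADMIN, ADMIN_DOC, LOW_DOC))
    print("user writes up:", can_write(Label("user"), ADMIN_DOC))
```

With only the read rule enforced the copy to the lower-level document is allowed; with the *-property enforced it is denied, while a lower-level subject can still write up into the Admin-level document.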