Bell-LaPadula
Can someone give me a good link describing this model? I couldn't find anything useful except a definition. I read a post where someone was saying this was on the exam, I can find it in my all in one book.
thanks
Xinxing is the hairy one.
Comments
-
RussS Member Posts: 2,068
http://www-users.itlabs.umn.edu/classes/Spring-2002/csci8102/ClassNotes/Lecture12/Lecture12-6on1.pdf is not a bad resource.
www.supercross.com
FIM website of the year 2007 -
Webmaster Admin Posts: 10,292 Admin
-
pandimus Member Posts: 651
My bad, didn't realize we had a technote here..
But thank both of you.
Xinxing is the hairy one.
-
JDMurray Admin Posts: 13,099 Admin
For the Security+ exam, make sure you know the (minor) differences between the Lattice and Bell-LaPadula models and how they relate to the MAC access control model. There will be one or two questions on it.
-
RussS Member Posts: 2,068
And remember .... Bell-LaPadula is ...... wait for it ...
a RULE based access model
www.supercross.com
FIM website of the year 2007 -
pandimus Member Posts: 651
When I get a good chance to study this theory, I will tell you if I remotely understand what you just said.. hehe
Xinxing is the hairy one.
-
Webmaster Admin Posts: 10,292 Admin
Note that Bell LaPadula uses primarily Mandatory Access Controls; BLP developed the early MAC. CompTIA uses three primary categories, which are MAC, DAC and RoleBAC (RuleBAC may turn up in the exam though...).
Although it's also described in the TechNote I mentioned above, also check out this post for more detailed information:
www.techexams.net/forums/viewtopic.php?t=3069 -
RussS Member Posts: 2,068
Thanks for popping that in Johan. After our conversation I was meaning to post about how BLP uses RULES, but is NOT .... RBAC as in CompTIA's definition. Role Based Access Control.
The technotes actually explain this fairly well
www.supercross.com
FIM website of the year 2007 -
Webmaster Admin Posts: 10,292 Admin
You're welcome Russ and thanks
And you're right, a lot of what is going on in the BLP model is based on rules. For the CompTIA exam it is important to know BLP is MAC 'just' because an admin sets the controls and the labels (again, not entirely accurate because BLP includes a DAC property...), and therefore dictates the outcome of the rules. Perhaps the term Rule-Based-Mandatory Access Control model would be more in place. But then again, Rule-Based Access Control is usually considered as a 'type of MAC'
-
robocal2 Member Posts: 6
I thought I understood but I am confused again....
If Lattice and BLP are so closely related with 'minor' differences, would MAC be Lattice or BLP?
-
JDMurray Admin Posts: 13,099 Admin
Both Lattice and BLP are MAC-based models. BLP and Lattice are practically the same models, but BLP is a bit stricter in that a user is not permitted to write into a document with a lower security level than the user’s own security level. Lattice therefore does not prevent disclosure of higher-level information to lower-level users, but BLP does.
For example, let's say I have Admin privileges, and I have access to a document that only Admins can read. Under Lattice, I can create a new document with a lower privilege level, and then copy the data from the Admin-level document to this new, lower-level document. Lower-level users can now read the Admin-only information from this new document. Under BLP this is not possible.
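
The copy-down scenario from the last post, as an added example that is not part of the original thread: a small reference monitor with BLP's two rules (no read up, no write down), run once with the write rule enforced and once with only reads checked, which is the behaviour the post attributes to Lattice. The level names, the category sets and the `enforce_star` switch are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Constructed level ordering (assumption: the thread only names "Admin" and "lower").
LEVELS = {"user": 0, "admin": 1}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other):
        """Lattice ordering: level at least as high AND a superset of categories."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

def can_read(subject, obj):
    # Simple security property: no read up.
    return subject.dominates(obj)

def can_write(subject, obj, enforce_star=True):
    # *-property: no write down (the object's label must dominate the subject's).
    # enforce_star=False checks reads only, as the post describes for Lattice.
    return obj.dominates(subject) if enforce_star else True

def copy_down(subject, src, dst, enforce_star):
    """True if subject may read src and then write what it read into dst."""
    return can_read(subject, src) and can_write(subject, dst, enforce_star)

# Constructed subjects and documents for the scenario in the post.
ADMIN, USER = Label("admin"), Label("user")
ADMIN_DOC, LOW_DOC = Label("admin"), Label("user")
# Two labels at the same level with different categories are incomparable.
HR, FIN = Label("admin", frozenset({"hr"})), Label("admin", frozenset({"fin"}))

if __name__ == "__main__":
    print("reads only, admin copies down:", copy_down(ADMIN, ADMIN_DOC, LOW_DOC, False))
    print("BLP, admin copies down:       ", copy_down(ADMIN, ADMIN_DOC, LOW_DOC, True))
    print("low user reads admin doc:     ", can_read(USER, ADMIN_DOC))
    print("low user writes up (BLP):     ", can_write(USER, ADMIN_DOC))
    print("HR reads FIN at same level:   ", can_read(HR, FIN))
```

Under the BLP rules a lower-level user may still write up into the Admin document; what is blocked is the downward flow of information, not the lower-level user's ability to contribute.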