bel la padula

pandimuspandimus Member Posts: 651
can someone give me a good link discribing this model, I couldnt find anything usefull except a definition. I read a post someone talking this was on the exam, I can find it in my all in one book

thanks
Xinxing is the hairy one.

Comments

  • RussSRussS Member Posts: 2,068 ■■■□□□□□□□
  • pandimuspandimus Member Posts: 651
    My bad, didnt realize we had a technote here..

    But thank both of you.
    Xinxing is the hairy one.
  • JDMurrayJDMurray Admin Posts: 13,099 Admin
    For the Security+ exam, make sure you know the (minor) differences between the Lattice and Bell-LaPadula models and how they relate to the MAC access control model. There will be one or two questions on it.
  • pandimuspandimus Member Posts: 651
    cool.. Thanks, i will check it out..
    Xinxing is the hairy one.
  • RussSRussS Member Posts: 2,068 ■■■□□□□□□□
    And remember .... bell la padula is ...... wait for it ...

    a RULE based access model icon_wink.gif
    www.supercross.com
    FIM website of the year 2007
  • pandimuspandimus Member Posts: 651
    When i get a good chance to study this theory, i will tell you if i remotly understand what you just said.. hehe
    Xinxing is the hairy one.
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    Note that Bell LaPadula uses primarily Mandatory Access Controls, BLP developed the early MAC. CompTIA uses three primary categories, which are MAC, DAC and RoleBAC (RuleBAC may turn up in the exam though...).

    Although it's also described in the TechNote I metioned above, also check out this post for more detailed information:
    icon_arrow.gifwww.techexams.net/forums/viewtopic.php?t=3069
  • RussSRussS Member Posts: 2,068 ■■■□□□□□□□
    Thanks for popping that in Johan. After our conversation I was meaning to post about how BLP uses RULES, but is NOT .... RBAC as in Comptias definition. Role Based Access Control.
    The technotes actually explain this fairly well :)
    www.supercross.com
    FIM website of the year 2007
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    You're welcome Russ and thanks :)

    And you're right, a lot of what is going on in the BLP model is based on rules. For the CompTIA exam it is important to know BLP is MAC 'just' because an admin sets the controls and the labels (again, not entirely accurate because BLP includes a DAC property...), and therefore dictates the outcome of the rules. Perhaps the term Rule-Based-Mandatory Access Control model would be more in place. But than again, Rule-Based Access Control is usually considered as a 'type of MAC' icon_neutral.gif
  • robocal2robocal2 Member Posts: 6 ■□□□□□□□□□
    i thought i understood but i am confused again....
    if lattice and BLP are so closely related with 'minor' differences, would MAC be lattice or BLP icon_confused.gif:
  • JDMurrayJDMurray Admin Posts: 13,099 Admin
    Both Lattice and BLP are MAC-based models. BLP and Lattice are practically the same models, but BLP is a bit stricter in that a user is not permitted to write into a document with a lower security level than the user’s own security level. Lattice therefore does not prevent disclosure of higher-level information to lower-level users, but BLP does.

    For example, let's say I have Admin privilages, and I have access to a document that only Admins can read. Under Lattice, I can create a new document with a lower privilage level, and then copy the data from the Admin-level document to this new, lower-level document. Lower-level users can now read the Admin-only information from this new document. Under BLP this is not possible.
Sign In or Register to comment.