Bell-LaPadula
pandimus
Can someone give me a good link describing this model? I couldn't find anything useful except a definition. I read a post from someone saying this was on the exam, I can find it in my all in one book
thanks
Comments
RussS
http://www-users.itlabs.umn.edu/classes/Spring-2002/csci8102/ClassNotes/Lecture12/Lecture12-6on1.pdf
is not a bad resource.
Webmaster
www.techexams.net/technotes/securityplus/mac_dac_rbac.shtml
pandimus
My bad, didn't realize we had a technote here..
But thank both of you.
JDMurray
For the Security+ exam, make sure you know the (minor) differences between the Lattice and Bell-LaPadula models and how they relate to the MAC access control model. There will be one or two questions on it.
pandimus
Cool.. Thanks, I will check it out..
RussS
And remember .... Bell-LaPadula is ...... wait for it ...
a RULE based access model
pandimus
When I get a good chance to study this theory, I will tell you if I remotely understand what you just said.. hehe
Webmaster
Note that Bell LaPadula uses primarily Mandatory Access Controls, BLP developed the early MAC. CompTIA uses three primary categories, which are MAC, DAC and RoleBAC (RuleBAC may turn up in the exam though...).
Although it's also described in the TechNote I mentioned above, also check out this post for more detailed information:
www.techexams.net/forums/viewtopic.php?t=3069
RussS
Thanks for popping that in Johan. After our conversation I was meaning to post about how BLP uses RULES, but is NOT .... RBAC as in CompTIA's definition. Role Based Access Control.
The technotes actually explain this fairly well.
Webmaster
You're welcome Russ and thanks
And you're right, a lot of what is going on in the BLP model is based on rules. For the CompTIA exam it is important to know BLP is MAC 'just' because an admin sets the controls and the labels (again, not entirely accurate because BLP includes a DAC property...), and therefore dictates the outcome of the rules. Perhaps the term Rule-Based-Mandatory Access Control model would be more in place. But then again, Rule-Based Access Control is usually considered as a 'type of MAC'.
robocal2
I thought I understood but I am confused again....
If Lattice and BLP are so closely related with 'minor' differences, would MAC be Lattice or BLP?
JDMurray
Both Lattice and BLP are MAC-based models. BLP and Lattice are practically the same models, but BLP is a bit stricter in that a user is not permitted to write into a document with a lower security level than the user’s own security level. Lattice therefore does not prevent disclosure of higher-level information to lower-level users, but BLP does.
For example, let's say I have Admin privileges, and I have access to a document that only Admins can read. Under Lattice, I can create a new document with a lower privilege level, and then copy the data from the Admin-level document to this new, lower-level document. Lower-level users can now read the Admin-only information from this new document. Under BLP this is not possible.
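The copy-down scenario from the reply above, as an added example that is not part of the original thread: a toy reference monitor run once with only the no-read-up check and once with the Bell-LaPadula no-write-down check as well. The level names, the `Monitor` class and the document names are constructed for illustration.

```python
from dataclasses import dataclass, field

LEVELS = {"user": 1, "admin": 2}  # constructed ordering: higher = more sensitive

class AccessDenied(Exception):
    pass

@dataclass
class Monitor:
    enforce_star: bool  # True: no read up AND no write down; False: no read up only
    docs: dict = field(default_factory=dict)  # name -> (level, text)

    def _check_write(self, subject, doc_level):
        # *-property: a subject may not write below its own level.
        if self.enforce_star and LEVELS[subject] > LEVELS[doc_level]:
            raise AccessDenied(f"{subject} may not write to a {doc_level}-level document")

    def create(self, subject, name, doc_level, text=""):
        self._check_write(subject, doc_level)
        self.docs[name] = (doc_level, text)

    def write(self, subject, name, text):
        doc_level, _ = self.docs[name]  # the label stays fixed; only content changes
        self._check_write(subject, doc_level)
        self.docs[name] = (doc_level, text)

    def read(self, subject, name):
        doc_level, text = self.docs[name]
        # Simple security property: a subject may not read above its own level.
        if LEVELS[subject] < LEVELS[doc_level]:
            raise AccessDenied(f"{subject} may not read a {doc_level}-level document")
        return text

def copy_down_scenario(enforce_star):
    """Admin copies an admin-only document into a new user-level one."""
    m = Monitor(enforce_star)
    m.create("admin", "secret.txt", "admin", "admin-only data")
    try:
        m.create("admin", "public.txt", "user")
        m.write("admin", "public.txt", m.read("admin", "secret.txt"))
    except AccessDenied as exc:
        return f"blocked: {exc}"
    # A user-level subject reads the copy without ever touching secret.txt.
    return "leaked: " + m.read("user", "public.txt")

if __name__ == "__main__":
    print("read checks only:", copy_down_scenario(False))
    print("with *-property: ", copy_down_scenario(True))
```

In both runs a direct read of `secret.txt` by the user-level subject is refused; only the write-down check stops the indirect disclosure.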