CISSP - Bell-La Padula

jdredd

I just finished Security+ and have started to study for CISSP. It seems harder and is more detailed.

I have read about Bell-La Padula and understand it, I think, except nothing I have read tells you how to actually implement it. You must work from a security policy, I would guess.

Is the acutal implementation done by setting access controls on the directories? Like do you use AD (in Windows) to define each file and user? Do you use group permissions? Will windows do B-LP at all? Is Linux different? Is there software?

I wish the books gave more actual examples of how you do these things.

Webmaster

It's the Bell-La Padula "access control model". A model developers can use when they need to build access control (Identification, authentication, and authorization) for a device or software system. Instead of having to design their own system, they can use Bell-La Padula's model as Bell and La Padula did the thinking for them already.

You won't find a system based on Bell-La Padula's model(s) in corporate environements. It's used (and originally developed) for military mainframe systems where confidentiality has the highest priority.

Last but not least, Bell-La Padula's model is a MAC (Mandatory Access Control) model, in which, as you know from your Sec+ studies , an admin (or 'security officer') sets the permissions. In a access control model it's all about subjects (users, programs) and objects (file, printers, etc.), an access control model defines how and if a subject can access an object. In Bell-La Padula's model both subjects and objects are labeled. Subjects receive a clearance label, objects receive a classification label (I.e. Top Secret, Secret, Classified, Public). Subjects can read objects if their labels match, or the security level is higher than the object's label.

In Bell-La Padula's model there are two main rules:
- Simple security rule which dictates that a subject cannot read up.
- * security rule which dictates that a subject cannot write down.

Both of these ensure confidentiality, the first rule is obvious, it means a user cannot read data with a higher security label than himself. The second rule means a user cannot read write data with a lower security label than himself. The latter prevents people with a high security level of create files with a lower level, so someone with Top secret clearance (hence top secret knowledge) cannot create files readable by people with a lower level. It's all about keeping those secrets secret. Note again, the subjects are not able to create files and assign a label/security level to it other than their own.

Another important term in this context is lattice, which defines the lower and upper bounds of a subjects security level.

Bell-La Padula's model is originally developed around 1970. I don't know if it is still in use in a system. Likely some principals from this model are still used, but mostly combined with, or established a basis for, other models, hence other systems.

I hope this helps!

jdredd

Yes! It helps a lot. Thank you. There were some things in your answer I didn't know. You stated it more clearly than I had read before.

How would you actually implement it? Like just set the file permissions according to the plan on each file and directory?

I didn't know it wasn't in use.

Webmaster

jdredd wrote:

How would you actually implement it? Like just set the file permissions according to the plan on each file and directory?

It would be implemented in code. Again, it's a model. A system that use it (or is buid partly according to the model) don't mention "Bell-La Padula" or anything.

The Bell-La Padula model provides read, write and read/write permissions, which a subject has based on his own clearance and the classification of the object it is trying to access. So you wouldn't set file permissions, you would assign labels to subjects and objects. The operating system that is build according to the Bell-La Padula model will automatically know the appropriate permission based on those labels. 'That' is what the Bell-La Padula does.

Also important to understand is that you won't find this in the kind of operating systems you and I are used to (unless you have experience with military mainframes). Subject don't browse for objects like we do, they use the mainframes applications. I.e. a terminal to connect to a central system. What you can see and do on that system depends on your security clearance label. The object and subjects are labeled by an admin, security officer. That's the mandatory part.

jdredd wrote:

I didn't know it wasn't in use.

I didn't say it isn't in use, 'I' just don't know whether it's still in use.

jdredd

Thank you. This is like a light bulb coming on. I didn't really understand how you did this before, and obviously didn't really understand it before.

Webmaster

You're welcome

I think access control models is one of the more difficult topics for the CISSP exam, and the problem is that there is so much info available but much of it is way too detailed, or on an academic level in which they do their utmost best to make things sound more complicated than the really are.

Ten9t6

Webmaster is correct. They make this harder than it should be. If you are taking the CISSP, you really need to understand this material. It was an area that I had problems with in the beginning.

What sources are you using to study for this exam?

jdredd

At the moment I am only using the 'Official (ISC)2 Guide to the CISSP Exam' by Hansche, Berti, and Hare. I was planning on getting the Shon Harris book when the third edition is finally released. I am a little shocked at the level of detail in the Official Guide and wonder if this doesn't cover everything for the test. It is a little hard to read, though. Also, to my surprise, I am finding a number of answers in the Official Guide to questions (practice ones) in the Security+ test that I couldn't find elsewhere - Security+ was good prep for this test, I think.

Webmaster

I'm waiting for that third edition of the Shon Harris All-in-One too. I'm not sure yet, but I may get the official guide too. I also read some fairly negative reviews about it, but some positive as well. I doubt either of these two will give a 100% coverage. I was hoping to take the test in July, but the only location here is booked so I'll have to wait to December this year. Hopefully ISC2 will have released a new and improved version of the official guide by then. I'm also working on a the CISSP section for TechExams.net, including some new practice questions, but also a link directory. But as always, Google is your friend And also check out www.cccure.org the site for CISSP prep.

Security+ was good prep for this test, I think.

I agree, Sec+ is an good primer and there is a fair amount of overlap. CISSP goes a 'bit' further into the topics and covers a lot of additional, though often related, material. I'm amazed how broad it is, CPU states, laws, neural networks

Ten9t6

The official study guide was not out when I took the exam. I would hope, since it is the "official" study guide, that it would cover everything that is needed. But, I never use "one" book for any exam. My CISSP library is about 5 books....and many documents.

Webmaster....I am glad you mentioned cccure.org. I have wanted to mention the site before, but didn't want to promote other sites here. I would not attempt the exam without going through all 500 questions they have online. They are the closest to the type of wording you will face on exam.

Webmaster

Ten9t6 wrote:

I would hope, since it is the "official" study guide, that it would cover everything that is needed.

Everything that is needed for a passing score, but I've read several reviews in which the reader claims they've seen material on the exam that wasn't covered in the official guide even though it did provide sufficient material to pass, there are some gaps. I can't ensure the integrity of this opinion about the official guide, it's only hearsay evidence Regardless, I think 'Official' is sufficient reason to get the book in addition to the Shon Harris book, especially considering the 500 bucks cost for the exam it's worth the investment. One of our sponsors, ExamForce, provided me with the CISSP CramMaster, which includes content from QUE's CISSP Training Guide. I've had only a quick peek so far, but it seems pretty good.

The free CISSP 'study guide' available for download at ISC2, basically the exam objectives, also contains a list with book references (references not cert guides).

Ten9t6 wrote:

Webmaster....I am glad you mentioned cccure.org. I have wanted to mention the site before, but didn't want to promote other sites here. I would not attempt the exam without going through all 500 questions they have online. They are the closest to the type of wording you will face on exam.

I don't mind promotion of other, especially non-commercial, cert and tech sites with quality content, by someone else than the owner, at all. I don't consider other sites competition or anything. Any other good sites you've been keeping from us?

Ten9t6

That's good. The guy that runs the site, is a really cool...and has helped me in studying for my CISSP, SSCP, and CEH. He used to work for Intense Schools and now works for SANS. There are a lot of good resources on that site. Like I said earlier..if you are going to take that test, spend a lot of time on that site. The download material and practice tests are great.

Ten9t6

Webmaster wrote:

I'm waiting for that third edition of the Shon Harris All-in-One too.

I just looked into this new edition. I think I may have to get this one also, since it covers the ISSEP as well.

ghummel

Kudos to all of you and Clement D. (cccure.org). Keep up the good work assisting the CISSP 'attempters'. It is a difficult test (it took me twice, I missed the 1st time by 2 questions).