Example of labels/MAC in a DoD Environment
1. Label = (Sensitivity lavel, compartment)
2. Lets us consider highly sensitive documents that have information about various arms stockpiles.
L1 = (TS,{nuclear, chemical})
L2 = (S,{nuclear, conventional})
1.Providing confidential access to documents(Bell and La Padula or BLP Model)
Comparing Labels
– Assume sensitivity levels are totally ordered(TS > S > C > U)
– Compartments are sets which can only be partially ordered
How do we order labels?
Comparing Labels
L1 = (X1, Comp1), L2 = (X2, Comp2)
L1 dominates L2 : L1 > L2 and Comp1 >= Comp2
or L1 is dominated by L2 : l1 < l2 and Comp1 <= Comp2
or L1 = L2 : l1 = :2 and Comp1 = Comp2
or L1 and L2 are not comparable : L1 > L2 and L1 < L2 and L1 = L2
Ordering Among Labels
ordering among labels defines a structure called a lattice:
Partial Order
L1 = (TS,{A,B,C}) L1 > L2?
L2 = (S, {A,B}) L2 < L1?
L3 = (S, {B,C,C}) L1 and L3 are not compared
Using labels for MAC:confidentiality
Bell and La Padua or BLP Model(Developed by DoD)
- Assumes classification of data(TS, S,C,U) and clearances for subjects
Read/Write rules
- User with Label L1 can read document with label L2 only when L1 dominates L2
read-down rule(simple security property)
- User with label L1 can write document with label L2 when L1 dominated by L2
Write-up rule(star property)
Preventing Information Flow with BLP
