On the validity of the Bell-LaPadula model

The well-known Bell-LaPadula model (BLPM) for multilevel-secure computer systems is scrutinized systematically and semiformally. The analysis shows that the BLPM had several flaws in its original context. Systems derived from it are either cumbersome to use or are so vulnerable to certain flaws that...

Full description

Saved in:
Bibliographic Details
Published in:Computers & security 1994-01, Vol.13 (4), p.317-333
Main Authors: Roos Lindgreen, Edo E O, Herschberg, Israel Samuel
Format: Article
Language:English
Subjects:
Cybersecurity
Information processing
Systems design
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The well-known Bell-LaPadula model (BLPM) for multilevel-secure computer systems is scrutinized systematically and semiformally. The analysis shows that the BLPM had several flaws in its original context. Systems derived from it are either cumbersome to use or are so vulnerable to certain flaws that they cannot be considered secure. Many assumptions that were valid when the model was developed no longer hold. Current information-processing environments are so different in concept and in context from those envisioned in the early 1970s that the BLPM can no longer be considered valid in its current applications. The invalidation by erosion of the BLPM has a huge impact. In order to obtain an Orange Book B-classification to ensure US government and US Departmet of Defense (DoD) purchases, manufacturers are supplying systems with BLPM-like mandatory access-control mechanisms that are grossly inadequate for commercial, public, and scientific information-processing applications.
ISSN:0167-4048
1872-6208