Ver:
·
http://en.wikipedia.org/wiki/Bell-LaPadula_model
·
[BLP:1976]
Modelo de
seguridad que controla el flujo de información en un sistema estableciendo unas
precisas reglas de control de acceso. Las entidades se dividen en objetos y
sujetos. Para determinar si un sujeto puede acceder (para leer o escribir) a un
objeto se comparan la habilitación del primero con la clasificación de
sensibilidad del segundo.
Este modelo
preserva exclusivamente la confidencialidad de la información.
[Ribagorda:1997]
(N) A formal, mathematical,
state-transition model of confidentiality policy for multilevel-secure computer
systems [Bell]. (Compare:
Biba model, Brewer-Nash model.) [RFC4949:2007]
A formal state transition
model of computer security policy that describes a set of access control rules.
In this formal model, the entities in a computer system are divided into
abstract sets of subjects and objects. The notion of a secure state is defined
and it is proven that each state transition preserves security by moving from
secure state to secure state; thus, inductively proving that the system is
secure. A system state is defined to be "secure" if the only
permitted access modes of subjects to objects are in accordance with a specific
security policy. In order to determine whether or not a specific access mode is
allowed, the clearance of a subject is compared to the classification of the
object and a determination is made as to whether the subject is authorized for
the specific access mode. The clearance/classification scheme is expressed in
terms of a lattice.
See also: Lattice, Simple
Security Property, *-Property.
[TCSEC:1985]