Ok guys, to be a good pen tester we need to have some knowledge, and I've been working with CISSP and there are some points that we normally tend to forget. So here we go with the Bell-LaPadula Model for CISSP.

I got this info from the Shon Harris book. Good book, it has many details.

Focus: Confidentiality

Bell-LaPadula is called a Multilevel Security System because users with different clearances access the system or processes with different classification levels.

This is the cream, three rules:

  • Simple Security rule: a subject at a given security level cannot read data at a higher security level (no read up).

  • *-property rule (star property rule): no write down to a lower security level.

  • Strong star property rule: a subject can only read and write at the same security level.

Dominance relation: The subject has more privileges or rights than the object.
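The three rules and the dominance check written as a small access-decision function, as an added example that is not from the book or the original post. The four level names, the function names and the simple linear ordering of levels are assumptions made for illustration; `downward_flows` checks that no subject can read a higher object and then write it into a lower one.

```python
from enum import IntEnum
from itertools import product


class Level(IntEnum):
    # Constructed sample levels: a linear ordering, no categories/compartments.
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def dominates(a: Level, b: Level) -> bool:
    """Dominance relation: level a is at least as high as level b."""
    return a >= b


def allowed(subject: Level, obj: Level, op: str, strong: bool = False) -> bool:
    """Decide a read or write request under the Bell-LaPadula rules."""
    if op not in ("read", "write"):
        raise ValueError(f"unknown operation: {op}")
    if strong:
        # Strong star property: read and write only at the subject's own level.
        return subject == obj
    if op == "read":
        # Simple security rule: no read up.
        return dominates(subject, obj)
    # Star property: no write down.
    return dominates(obj, subject)


def downward_flows(strong: bool = False):
    """List every (subject, source, dest) where one subject could read
    `source` and write to a lower `dest`, i.e. leak data downward."""
    return [
        (s, src, dst)
        for s, src, dst in product(Level, repeat=3)
        if dst < src
        and allowed(s, src, "read", strong)
        and allowed(s, dst, "write", strong)
    ]


if __name__ == "__main__":
    for subj, obj in product(Level, repeat=2):
        r = "R" if allowed(subj, obj, "read") else "-"
        w = "W" if allowed(subj, obj, "write") else "-"
        print(f"{subj.name:>12} -> {obj.name:<12} {r}{w}")
    print("downward flows possible:", downward_flows())
```

The printed matrix shows that a subject gets both read and write only on objects at its own level, which is exactly the case the strong star property restricts it to.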

