This info I got it from the Shon Harris book - Good book, it has many details
Bell-LaPadula --- named Multilevel Security System: because users with different clearances access the system or processes with different classification levels.
This is the cream, three rules:
- Simple Security rule: subject with a security level cannot read data in a higher security level.
- *-proterty rule (star property rule) : No write down to a lower security level.
- Strong start property rule: Subject can only read and write in the same security level.
Dominance relation: The subject has more privileges or right that the object.