- The Bell LaPadula Model, as a finite state machine model, controls information flow for confidentiality with two security properties:
- Simple: no read up
- * (star): no write down
- The Simple Security Property states that a subject (Bob) may not read the information at a higher sensitivity level (no read up).
- The * (star) Security Property states that a subject (Bob) may not write information to an object at a lower sensitivity level (no write down).