You are working for an organization in which every employee is granted a security clearance after completion of a thorough background check and assets are labeled after the classification process. Your access to classified resources is authorized based on if your security level dominates that of the resource. You are not allowed to write data to a lower security level. Which of the following is least related to the access control model of the organization?
A. State Machine
B. Information Flow
C. The * (star) Integrity Axiom
D. Lattice Model
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. The * (star) Integrity Axiom.
Bell LaPadula Model
The Bell LaPadula Model is a finite state machine which controls information flow for confidentiality with two security properties:
- Simple Security Condition (or Property): no read up
- *-Property (Star Property): no write down
Bell-LaPadula Model is a formal state transition model of computer security policy that describes a set of access control rules. In this formal model, the entities in a computer
system are divided into abstract sets of subjects and objects.
The notion of a secure state is defined and it is proven that each state transition preserves security by moving from secure state to secure state; thus, inductively proving that the system is secure. A system state is defined to be “secure” if the only permitted access modes of subjects to objects are in accordance with a specific security policy.
In order to determine whether or not a specific access mode is allowed, the clearance of a subject is compared to the classification of the object and a determination is made as to whether the subject is authorized for the specific access mode. The clearance/classification scheme is expressed in terms of a lattice.
Source: Orange Book
Simple Security Condition
Simple Security Condition is a Bell-LaPadula security model rule allowing a subject read access to an object only if the security level of the subject dominates the security level of the object. (Orange Book)
*-Property (Star Property)
*-Property (Star Property) is a Bell-LaPadula security model rule allowing a subject write access to an object only if the security level of the subject is dominated by the security level of the object. Also known as the Confinement Property. (Orange Book)
Lattice is a partially ordered set for which every pair of elements has a greatest lower bound and a least upper bound.
Mandatory policies either require or can be satisfied by systems that can enforce a partial ordering of designations, namely, the designations must form what is mathematically known as a “lattice.”
According to the description of the question, we can infer that the organization implements the mandatory access control (MAC) model which is based on the Bell LaPadula Model to protect confidentiality.
The Bell LaPadula Model is the means, while confidentiality is the end. The organization should be concerned more about the end than the means.
The * (star) Integrity Axiom states that a subject at a given level of integrity must not write to data at a higher level of integrity (no write up) in the Biba Model.