On the validity of the Bell-La Padula model

The well-known Bell-LaPadula model for multilevel-secure computer systems is scrutinized systematically and semi-formally. The validity of the model is discussed, both in its original context and in present-day applications. Even allowing for the model's limited scope, we find that it is based on indefinite, incomplete and disputable concepts, yielding systems that are cumbersome at best and insecure at worst. Finally, we discuss whether the Bell-LaPadula model is a suitable basis for its current application.
