Trusted Computing and Multilevel security Flashcards
Computer Security Models - Bell-LaPadula
formal model for access control
each object has a security class
classes have a strict hierarchy as security levels
top secret > secret > confidential > restricted > unclassified
Subject <- appropriate level and compartment to access an object
has a security clearance
Object <- security classification of a given level
access modes: read, append, write, execute
Multilevel security <- multiple categories of levels of data defined
BLP - System of confidentiality
No read up: subject can only read objects at or below its own security level (object <= subject)
ss-property (simple-security property)
No write down: subject can only write into objects at or above its own security level (object >= subject)
*-property
Mandatory Access Control
if DAC is also used:
ds-property (discretionary-security property): an individual/role may grant others access to a document at the owner's direction, constrained by the MAC rules.
BLP - Limitations
incompatibility of confidentiality and integrity within a single MLS system
cooperating conspirator in the presence of covert channels
breaks down when untrusted, low-classified executable data is allowed to be executed by a high-clearance trusted subject
Trusted Systems
Trusted system <- system believed to enforce a given set of attributes to a stated degree of assurance
trustworthy system <- system that can provide mathematical proof that an attacker, no matter how clever, won't be able to.