INFORMATION SECURITY AND AUDIT
1. Overview of information security
2. Information and Network Security Policies
3. Cryptography and PKI
4. Network security applications
5. Design Principles
6. Compliance, Evaluation system and Law
- Pci Dss
- Sox
- Hippa,
- Evaluating Systems
- Evaluating Systems, Goals Of Evaluating Systems
- Tcsec
- Itsec
- Fips
- Common Criteria
- Sse-Cmm
- Law And Information Security
- Historical Evolution Of Computer Related Law In The Us
- Privacy Law And Its Significance To Information Security
- The Uk Dpa And The Eu Gdpr
- Eta Of Nepal
7. Malicious logic and attacks
8. Vulnerability analysis and IT Audit
9. Intrusion detection and log analysis
LAB WORK -ISA
SOLVED PRACTICE QUESTIONS
Bell-LaPadula Model
The Bell-LaPadula (BLP) Model is a formal state transition model used in the field of information security to enforce access control policies. It was developed in the 1970s by David Elliott Bell and Leonard J. LaPadula. The model is particularly focused on maintaining the confidentiality of data, and it is widely used in military and government contexts.
- Security Levels:
- Each subject (user or process) and object (data or resource) in the system is assigned a security level. Common examples of security levels are Top Secret, Secret, Confidential, and Unclassified.
- Security levels are hierarchical, meaning that higher levels dominate lower levels.
- Access Modes:
- The model defines various access modes such as read, write, and execute.
- Each access mode is subject to specific rules that enforce the security policy.
Rules for Bell-LaPadula Model
- Simple Security Property (No Read Up, "ss-property"):
- A subject at a given security level is not allowed to read data at a higher security level.
- For example, a user with a Secret clearance cannot read Top Secret data.
- *-Property (Star Property, No Write Down, "star-property"):
- A subject at a given security level is not allowed to write data to a lower security level.
- This prevents the possibility of sensitive information being leaked to less secure areas. For example, a user with Top Secret clearance cannot write to a file classified as Confidential.
- Discretionary Security Property (ds-property):
- This rule allows for discretionary access controls to be implemented. It means that access controls based on the identity of the subjects and access rights specified by the owner of the object can be applied.
- Essentially, it complements the mandatory access controls (MAC) enforced by the simple security property and the *-property by adding another layer based on the discretion of the object owner.
Limitations
- The Bell-LaPadula Model is focused exclusively on data confidentiality and does not address other aspects of security, such as integrity or availability.
- It assumes a static classification scheme and does not account for the dynamic nature of real-world systems where security levels and access needs may change over time.
Applications
- The Bell-LaPadula Model is widely used in environments where the primary concern is to protect sensitive information from unauthorized access and disclosure.
- It forms the basis for various government and military security policies and is implemented in some secure operating systems and security software.