The Bell-LaPadula Model aims to achieve confidentiality by specifying three rules:
Simple Security Property: This property is referred to as “no read up”; it states that a subject at a lower security level cannot read an object at a higher security level. This rule prevents access to sensitive information above the authorized level.
Star Security Property: This property is referred to as “no write down”; it states that a subject at a higher security level cannot write to an object at a lower security level. This rule prevents the disclosure of sensitive information to a subject of lower security level.
Discretionary-Security Property: This property uses an access matrix to allow read and write operations. An example access matrix is shown in the table below and used in conjunction with the first two properties.
|Subjects||Object A||Object B|
|Subject 1||Writ||No access|
The first two properties can be summarised as “write up, read down.” You can share confidential information with people of higher security clearance (write up), and you can receive confidential information from people with lower security clearance (read down).
There are certain limitations to the Bell-LaPadula model. For example, it was not designed to handle file-sharing.