Blog | G5 Cyber Security

Bell-LaPadula Security Model: Example

TL;DR

This guide shows a basic implementation of the Bell-LaPadula security model, focusing on ‘No Read Up’ and ‘No Write Down’. We’ll use simple Python code to illustrate how access is controlled based on security levels. This isn’t production-ready but demonstrates the core principles.

Implementing Bell-LaPadula

  1. Define Security Levels: First, we need a way to represent security classifications. We’ll use integers – higher numbers mean higher classification (e.g., 1 = Unclassified, 2 = Confidential, 3 = Secret).
  2. Represent Subjects and Objects: Subjects are users or processes needing access. Objects are data resources like files. Each subject and object has a security level.
  3. ‘No Read Up’: A subject can only read objects with a security level equal to or lower than its own.
  4. ‘No Write Down’: A subject can only write to objects with a security level equal to or higher than its own.

Python Example

Here’s a Python example demonstrating this:

Code Setup

class Subject:
    def __init__(self, name, security_level):
        self.name = name
        self.security_level = security_level

class Object:
    def __init__(self, name, security_level):
        self.name = name
        self.security_level = security_level

def can_read(subject, obj):
    # Simple security property ('No Read Up'): the subject's level must be
    # at least the object's level.
    return subject.security_level >= obj.security_level

def can_write(subject, obj):
    # *-property ('No Write Down'): the object's level must be at least the
    # subject's level, so writing upward is allowed and writing downward is not.
    return subject.security_level <= obj.security_level

Creating Subjects and Objects

Let's create some subjects and objects with different security levels:

alice = Subject("Alice", 3)  # Secret level
bob = Subject("Bob", 1)      # Unclassified level

data_secret = Object("Secret Data", 3)
data_confidential = Object("Confidential Data", 2)
data_unclassified = Object("Unclassified Data", 1)

Testing Access Control

  1. Alice Reading: Alice (level 3) should be able to read all data.
  2. Bob Reading: Bob (level 1) should only be able to read unclassified data.
  3. Alice Writing: Alice (level 3) should be able to write to any data.
  4. Bob Writing: Bob (level 1) should only be able to write to unclassified data.

Example Access Checks

print(f"{alice.name} can read {data_secret.name}:", can_read(alice, data_secret))
print(f"{bob.name} can read {data_secret.name}:", can_read(bob, data_secret))

print(f"{alice.name} can write to {data_secret.name}:", can_write(alice, data_secret))
print(f"{bob.name} can write to {data_secret.name}:", can_write(bob, data_secret))

Expected Output

Alice can read Secret Data: True
Bob can read Secret Data: False
Alice can write to Secret Data: True
Bob can write to Secret Data: True
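The integer comparison above treats classification as a single line. Real Bell-LaPadula labels are a lattice: a level plus a set of compartments, and "higher" is the dominance relation. The following is an added example, not code from the original post; the level names, compartment names (CRYPTO, NUCLEAR) and subject labels are constructed for illustration. It keeps the same two rules but shows that equal level is not enough when compartments differ, and that a low subject may write upward (a so-called blind write) while a high subject may not write down.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Constructed level ordering; names are assumed for illustration.
LEVELS = {"Unclassified": 1, "Confidential": 2, "Secret": 3}

@dataclass(frozen=True)
class Label:
    """A BLP security label: a classification level plus a set of compartments."""
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Lattice order: level at least as high AND every compartment of `other` present.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

def can_read(subject: Label, obj: Label) -> bool:
    # Simple security property ("no read up"): the subject must dominate the object.
    return subject.dominates(obj)

def can_write(subject: Label, obj: Label) -> bool:
    # *-property ("no write down"): the object must dominate the subject.
    return obj.dominates(subject)

def decide(op: str, who: str, subject: Label, what: str, obj: Label) -> bool:
    """Reference-monitor style check that records every decision (denials are audit signal)."""
    allowed = {"read": can_read, "write": can_write}[op](subject, obj)
    print(f"{op:5} {who:6} {what:16} {'ALLOW' if allowed else 'DENY'}")
    return allowed

def demo() -> dict:
    alice = Label("Secret", frozenset({"CRYPTO"}))  # cleared Secret, compartment CRYPTO only
    bob = Label("Unclassified")
    secret_crypto = Label("Secret", frozenset({"CRYPTO"}))
    secret_nuclear = Label("Secret", frozenset({"NUCLEAR"}))
    unclassified = Label("Unclassified")
    return {
        # same level is not enough: Alice lacks the NUCLEAR compartment
        "alice_reads_nuclear": decide("read", "alice", alice, "Secret/NUCLEAR", secret_nuclear),
        "alice_reads_crypto": decide("read", "alice", alice, "Secret/CRYPTO", secret_crypto),
        "bob_reads_crypto": decide("read", "bob", bob, "Secret/CRYPTO", secret_crypto),
        # writing up is permitted by BLP (a blind write); writing down is not
        "bob_writes_crypto": decide("write", "bob", bob, "Secret/CRYPTO", secret_crypto),
        "alice_writes_unclass": decide("write", "alice", alice, "Unclassified", unclassified),
    }

if __name__ == "__main__":
    demo()
```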

Important Considerations
