Blog | G5 Cyber Security

Bell-LaPadula: Write Access Across Compartments

TL;DR

Not in general. In the Bell-LaPadula model the *-Property compares whole security labels, classification and compartment set together: a subject may write to a file only when the file's label dominates the subject's label, which means the file's classification is the same or higher and its compartment set contains every compartment the subject holds. Equal classification is necessary but not sufficient. A subject holding the Finance compartment cannot write to a file marked Secret/Nuclear even though both are Secret, because the write would carry Finance information into a file whose readers need not be cleared for Finance. Only a subject holding no compartments, or only compartments the target file also carries, can write to it.

Understanding Bell-LaPadula

The Bell-LaPadula model focuses on controlling information flow to prevent unauthorised disclosure of sensitive data. It has two main rules:

  1. Simple Security Property (no read up): a subject may read an object only if the subject's label dominates the object's label.
  2. *-Property (no write down): a subject may write to an object only if the object's label dominates the subject's label.

A label is a classification level (such as Secret or Top Secret) together with a set of compartments. Compartments provide finer-grained, need-to-know control within a classification level; they represent specific areas of knowledge such as Finance or Nuclear. Label A dominates label B when A's classification is greater than or equal to B's and A's compartment set is a superset of B's. Because dominance compares both parts of the label, compartments take part in every read and write decision, not only the classification level.

Scenario: Write Access

Let's say we have the following: a subject with a Top Secret clearance and some set of compartments, File 1 classified Top Secret with compartment B, and File 2 classified Top Secret with compartment C.

The subject has a Top Secret clearance. Both files are also classified as Top Secret, so the classification part of the check is the same for both files; only the compartments differ, and whether either write is allowed depends on which compartments the subject holds, which the scenario must state.

Steps to Determine Write Access

  1. Check Classification: The subject's classification (Top Secret) is less than or equal to the file classifications (both Top Secret). This satisfies the classification half of the *-Property for both files.
  2. Check Compartments: The *-Property also requires each file's compartment set to be a superset of the subject's. Writing to File 1 is allowed only if every compartment the subject holds is contained in {B}; writing to File 2 only if every compartment the subject holds is contained in {C}.
  3. Decide: If the subject holds no compartments, both writes are allowed. If the subject holds B, only the write to File 1 is allowed. If the subject holds any other compartment (A, say, or both B and C), neither write is allowed, because information from a compartment the subject holds would flow into a file whose readers need not be cleared for it.

Example

Imagine a system where a subject with 'Secret' clearance and the 'Finance' compartment wants to write to files that are all classified 'Secret' but carry different compartments. The write is denied for a file marked Secret/Nuclear or Secret/Legal, because neither compartment set contains Finance. It is allowed for a file marked Secret/Finance, Secret/{Finance, Legal} or Top Secret/{Finance, Nuclear}, because each of those labels dominates the subject's label. It is also denied for a Confidential/Finance file, which would be a write down.
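As an added example (not code from the original post or from G5 Cyber Security), here is a small Python model of the label lattice and both Bell-LaPadula rules, run over the Top Secret/B/C scenario from the steps above and the Secret/Finance example just given. It goes slightly beyond the post by reporting which half of the check failed. The names Label, can_read, can_write, why_write_denied and write_decisions, and the ordering of classifications in LEVELS, are assumptions of the example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Optional

# Assumed linear ordering of classification levels, least to most sensitive.
LEVELS = ("Unclassified", "Confidential", "Secret", "Top Secret")


@dataclass(frozen=True)
class Label:
    """A Bell-LaPadula security label: one classification plus a set of compartments."""

    level: str
    compartments: FrozenSet[str] = frozenset()

    def __post_init__(self) -> None:
        if self.level not in LEVELS:
            raise ValueError(f"unknown classification: {self.level!r}")
        # Accept any iterable of compartment names; store an immutable set.
        object.__setattr__(self, "compartments", frozenset(self.compartments))

    def dominates(self, other: "Label") -> bool:
        """Lattice order: self >= other iff the level is at least as high AND
        self's compartments are a superset of other's."""
        return (
            LEVELS.index(self.level) >= LEVELS.index(other.level)
            and self.compartments >= other.compartments
        )

    def __str__(self) -> str:
        comps = "/".join(sorted(self.compartments)) or "no compartments"
        return f"{self.level} {{{comps}}}"


def can_read(subject: Label, obj: Label) -> bool:
    """Simple Security Property (no read up): the subject must dominate the object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-Property (no write down): the object must dominate the subject."""
    return obj.dominates(subject)


def why_write_denied(subject: Label, obj: Label) -> Optional[str]:
    """None if the write is allowed, otherwise which half of the *-Property failed."""
    if LEVELS.index(obj.level) < LEVELS.index(subject.level):
        return f"write down: {obj.level} is below {subject.level}"
    # Compartments the subject holds that the file does not carry would leak.
    missing = subject.compartments - obj.compartments
    if missing:
        return "compartment leak: file lacks " + ", ".join(sorted(missing))
    return None


def write_decisions(subject: Label, files: Iterable[Label]) -> Dict[str, str]:
    """Map each file's label to 'allowed' or the reason the write is denied."""
    return {str(f): (why_write_denied(subject, f) or "allowed") for f in files}


if __name__ == "__main__":
    # Scenario from the post: two Top Secret files, in compartments B and C.
    file_b = Label("Top Secret", {"B"})
    file_c = Label("Top Secret", {"C"})
    for subject in (Label("Top Secret"), Label("Top Secret", {"B"}),
                    Label("Top Secret", {"A"}), Label("Top Secret", {"B", "C"})):
        print(f"subject {subject}: {write_decisions(subject, [file_b, file_c])}")

    # Example from the post: a Secret/Finance subject versus files in other compartments.
    finance = Label("Secret", {"Finance"})
    targets = [Label("Secret", {"Nuclear"}), Label("Secret", {"Legal"}),
               Label("Secret", {"Finance", "Legal"}),
               Label("Top Secret", {"Finance", "Nuclear"}),
               Label("Confidential", {"Finance"})]
    print(f"subject {finance}: {write_decisions(finance, targets)}")
```

Running the script shows the compartment-less Top Secret subject writing to both files, the Top Secret/B subject writing only to File 1, and the Secret/Finance subject denied on Secret/Nuclear and Secret/Legal (compartment leak) and on Confidential/Finance (write down) while allowed on the two files that carry Finance.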

Practical Considerations

The compartment comparison is a set-inclusion test, not an equality test, so the *-Property permits a write up into a file that carries the subject's compartments plus additional ones. Bell-LaPadula also has a discretionary security property: even when the mandatory labels permit a write, the subject still needs discretionary permission (an access-matrix or ACL entry) for the file. The model addresses confidentiality only; nothing in it stops a blind write up from corrupting a higher-labelled file, which is why many deployed multilevel systems restrict writes to the subject's own label and why integrity models such as Biba exist alongside it.

Summary

The Bell-LaPadula model allows a write only when the target file's label dominates the subject's label: the file's classification must be the same or higher, and its compartment set must contain every compartment the subject holds. Compartments refine access within a classification, and they do restrict writes: a subject holding a compartment cannot write to a file that lacks that compartment, even at the same classification level.
