Bell-LaPadula model and Biba model

I did not understand these two security models when reading the CISSP OSG textbook, and the instructor of the training course I signed up for did not explain the principles or the reasoning behind them either; intuitively, the two models are simply opposites of each other. After reading the "11 hours cissp" book it suddenly made sense; it is a good book. The excerpt is as follows:

Bell-LaPadula includes the following rules and properties:

Simple Security Property: “No read up”; a subject at a specific clearance level cannot read an object at a higher classification level. Subjects with a Secret clearance cannot access Top Secret objects, for example.

Security Property: “No write down”; a subject at a higher clearance level cannot write to a lower classification level. For example: subjects who are logged into a Top Secret system cannot send emails to a Secret system.

Strong Tranquility Property: Security labels will not change while the system is operating.

Weak Tranquility Property: Security labels will not change in a way that conflicts with defined security properties.

This leads to the Biba model:

Models such as Bell-LaPadula focus on confidentiality, sometimes at the expense of integrity. The Bell-LaPadula “no write down” rule means subjects can write up; that is, a Secret subject can write to a Top Secret object. What if the Secret subject writes erroneous information to a Top Secret object? Integrity models such as Biba address this issue.

The Biba model has two primary rules: the Simple Integrity Axiom and the * Integrity Axiom.

Simple Integrity Axiom: “No read down”; a subject at a specific clearance level cannot read data at a lower classification. This prevents subjects from accessing information at a lower integrity level. This protects integrity by preventing bad information from moving up from lower integrity levels.

* Integrity Axiom: “No write up”; a subject at a specific clearance level cannot write data to a higher classification. This prevents subjects from passing information up to a higher integrity level than they have clearance to change. This protects integrity by preventing bad information from moving up to higher integrity levels.

Did you know?

Biba takes the Bell-LaPadula rules and reverses them, showing how confidentiality and integrity are often at odds. If you understand Bell-LaPadula (no read up; no write down), you can extrapolate Biba by reversing the rules: “no read down”; “no write up.”
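To make the "reversed rules" concrete, here is an added example (not from the book or the original post) of a small reference monitor that evaluates the Bell-LaPadula and Biba rules over the same four-level lattice. It assumes, as a simplification, that one label set serves both as confidentiality classification and as integrity level, and it checks mechanically that each Biba decision is the Bell-LaPadula decision with subject and object swapped.

```python
from enum import IntEnum
from itertools import product


class Level(IntEnum):
    # Constructed four-level lattice; higher value = higher clearance/classification.
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def blp_allows(subject: Level, obj: Level, action: str) -> bool:
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    if action == "read":
        return subject >= obj      # Simple Security Property
    if action == "write":
        return subject <= obj      # * (Security) Property: writing up is fine
    raise ValueError(f"unknown action {action!r}")


def biba_allows(subject: Level, obj: Level, action: str) -> bool:
    """Biba (integrity): no read down, no write up."""
    if action == "read":
        return subject <= obj      # Simple Integrity Axiom
    if action == "write":
        return subject >= obj      # * Integrity Axiom: writing down is fine
    raise ValueError(f"unknown action {action!r}")


def both_allow(subject: Level, obj: Level, action: str) -> bool:
    """A monitor enforcing both models with one label: only same-level access passes."""
    return blp_allows(subject, obj, action) and biba_allows(subject, obj, action)


def rules_are_mirror_images() -> bool:
    """Biba(subject, object) must equal BLP(object, subject) for every pair and action."""
    return all(
        biba_allows(s, o, a) == blp_allows(o, s, a)
        for s, o, a in product(Level, Level, ("read", "write"))
    )


def strong_tranquility_holds(labels_before: dict, labels_after: dict) -> bool:
    """Strong Tranquility: no object label may change while the system operates."""
    return labels_before == labels_after


if __name__ == "__main__":
    # The book's scenario: a Secret subject writing to a Top Secret object.
    print("BLP allows Secret->TopSecret write:", blp_allows(Level.SECRET, Level.TOP_SECRET, "write"))
    print("Biba allows Secret->TopSecret write:", biba_allows(Level.SECRET, Level.TOP_SECRET, "write"))
```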

After reading this, my doubts were resolved:
Why can't Bell-LaPadula write down? -- I think it is to prevent confidential information from being leaked inadvertently. For example: subjects who are logged into a Top Secret system cannot send emails to a Secret system. But it can write up, which seemed a bit odd at first; confidentiality is the primary goal, though this may lead to incomplete or untrustworthy information.

The last paragraph explains why the two are opposites of each other.

posted @ saaspeter