The Bell-LaPadula model - Informatics

The Bell-LaPadula model

This model implements mandatory access control (MAC). It is described by a set of subjects S, a set of objects O and two access rights, read and write. The mandatory model does not control the operations that subjects perform on objects as such, but the flow of information: from subject to object on a write, and from object to subject on a read.

Mandatory (also called normative or authoritative) access control is based on the rules for handling classified documents adopted by government institutions in many countries. Its essence is that an ordered set of confidentiality labels is used (secret, top secret, and so on); every object in the system is assigned a label that defines its secrecy level, reflecting the value of the information it contains, and every subject is assigned a label that defines its level of access (clearance) in the information system.

Access control is carried out by two rules, according to which an authorized person (subject) has the right:

• to read only those documents whose secrecy level does not exceed its own level (the simple security property, "no read up"), which protects information processed by high-level subjects from access by low-level ones;

• to write information only into those documents whose secrecy level is not lower than its own level (the *-property, "no write down"), which prevents information from leaking from high-level subjects to low-level ones.
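The two rules above, as an added example that is not part of the original page. The page describes linearly ordered secrecy levels only; the example goes slightly further and includes the optional category sets of the full Bell-LaPadula lattice, which reduce to the page's model when every label has an empty category set. The level names, the subject and object names, and the reference-monitor wrapper are assumptions made for the demonstration.

```python
"""Bell-LaPadula read/write checks (added example, not from the page)."""
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# Ordered confidentiality levels, lowest first. The names are an assumption;
# the page only requires the set to be ordered.
LEVELS = ("unclassified", "confidential", "secret", "top_secret")
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Label:
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """True when self is at least as high as other in the lattice."""
        return (RANK[self.level] >= RANK[other.level]
                and self.categories >= other.categories)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property ("no read up"): the subject's clearance
    must dominate the object's classification."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property ("no write down"): the object's classification must
    dominate the subject's clearance, so data cannot flow to a lower level."""
    return obj.dominates(subject)


class ReferenceMonitor:
    """Mediates every access and keeps an audit trail of decisions."""

    def __init__(self) -> None:
        self.subjects: dict = {}
        self.objects: dict = {}
        self.audit: List[Tuple[str, str, str, bool]] = []

    def access(self, subject: str, obj: str, mode: str) -> bool:
        s, o = self.subjects[subject], self.objects[obj]
        if mode == "read":
            allowed = can_read(s, o)
        elif mode == "write":
            allowed = can_write(s, o)
        else:
            raise ValueError("only read and write are modelled")
        self.audit.append((subject, obj, mode, allowed))
        return allowed


def trojan_horse_demo() -> List[bool]:
    """A program running with a top-secret clearance reads a top-secret file
    and then tries to copy it into an unclassified file. BLP allows the read
    and blocks the write, so the leak is stopped whatever the program intends.
    Subject and object names are constructed for the demo."""
    rm = ReferenceMonitor()
    rm.subjects["ts_process"] = Label("top_secret")
    rm.objects["war_plan"] = Label("top_secret")
    rm.objects["public_notes"] = Label("unclassified")
    return [rm.access("ts_process", "war_plan", "read"),
            rm.access("ts_process", "public_notes", "write"),
            rm.access("ts_process", "public_notes", "read")]  # reading down is allowed


if __name__ == "__main__":
    print(trojan_horse_demo())  # [True, False, True]
```

The audit list is what a real reference monitor would write to its log; the demo shows why the write rule exists even though it looks counter-intuitive at first: it is the read rule's mirror image, and only the two together stop a high-cleared process from copying data downward.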

For the mandatory model the necessary and sufficient conditions for a secure system state are defined with mathematical rigour, i.e. a system that starts in a secure state never reaches an insecure one as long as every transition respects the two rules. Note that the model addresses confidentiality only; it says nothing about whether low-level subjects may corrupt high-level data. Mandatory access control also makes no distinction within a level, since all subjects at the same level have the same rights. There is therefore no restriction on interaction among entities of the same level, and where finer-grained control is required the mandatory model is used together with a discretionary model, which is free of this shortcoming.

Authentication is the procedure of verifying the identity of a user who requests access to system resources (a computer or a network). It denies access to unauthorized persons and grants it to legitimate users. The procedure involves two parties: one proves its right of access (its authenticity) by presenting some evidence; the other checks that evidence and makes the decision.

The evidence may be a secret word (a password) or a unique physical object (a key or token) known to both parties, or the user's own biometric characteristics (fingerprints or an iris image).

Typed passwords are the most frequently used means of authentication. A password is a secret sequence of characters that is presented when accessing the information system; the system should hold it only in a cryptographically protected form, never in clear.

The simplicity and logical clarity of password authentication to some extent compensate for its weaknesses, such as the possibility of a password being disclosed by guessing or by analysing network traffic. The threat of disclosure is reduced by a policy for assigning and using passwords: requirements on passwords are set, stored passwords are protected by cryptographic methods (in practice, salted one-way hashes rather than reversible encryption), failed logon attempts are recorded, and so on.

The objects of authentication can be not only users but also devices, applications, text and other data. In some cases mutual authentication is required. For example, when sending a request to a corporate server the user must prove its legitimacy to the server, but must at the same time verify that it is in dialogue with the server that really belongs to the enterprise, i.e. the server and the client undergo a mutual authentication procedure. Authentication of data means proof of its integrity and of the fact that the data came from the party who claims to have sent it; a digital signature mechanism is used for this.

Password security measures. The length of the password, the size of the alphabet from which it is drawn, and the delay imposed between attempts after an incorrect entry have a decisive effect on how hard the password is to disclose. If the password is made considerably longer, it can be split into two parts: one memorized by the user and typed in manually, and one stored in encrypted form on a special medium and read by a special device. Authentication is made more reliable by enlarging the alphabet, for example by using lowercase and uppercase Latin and Cyrillic characters. If a three-character password drawn from a 26-character alphabet takes 3 months to disclose, a four-character one takes about 6.5 years, since each additional character multiplies the search space by 26 [24]. Password lifetime matters most when the password is simple, so the security (or network) administrator must ensure that users change passwords on time. Methods based on dynamically changing passwords, where the change is a functional transformation of the password, are very effective. For example, a user can be allotted a sufficiently long password and at each authentication use only some of its characters, the positions being selected at login by a pseudorandom number generator; this process is called gaming (in effect a challenge-response exchange over the selected positions).
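The policy measures from the two paragraphs above (cryptographically protected storage, recording of failed attempts, and a delay between attempts after a wrong password), as an added example that is not part of the original page. The iteration count, the delay schedule and the user names are assumptions made for the demonstration.

```python
"""Password storage and verification with salted key stretching, an audit
trail of failures and a growing delay after wrong entries (added example,
not from the page). Parameter values are assumptions."""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

ITERATIONS = 210_000        # PBKDF2-HMAC-SHA256 work factor (assumed value)
SALT_BYTES = 16
BASE_DELAY_SECONDS = 2.0    # after the first failure; doubles per further failure (assumed)
MAX_DELAY_SECONDS = 300.0


@dataclass
class Record:
    salt: bytes
    digest: bytes
    failures: int = 0
    locked_until: float = 0.0


def derive(password: str, salt: bytes) -> bytes:
    """One-way, salted and slow: a stolen table yields no passwords without guessing,
    and identical passwords of two users do not produce identical digests."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class PasswordStore:
    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._users: Dict[str, Record] = {}
        self._clock = clock                       # injectable so tests can move time
        self.audit: List[Tuple[float, str, str]] = []

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(SALT_BYTES)
        self._users[user] = Record(salt=salt, digest=derive(password, salt))

    def verify(self, user: str, password: str) -> str:
        """Return "ok", "bad_password" or "locked"."""
        now = self._clock()
        rec = self._users.get(user)
        if rec is None:
            # Do the same amount of work as for a real user so that timing does
            # not reveal which user names exist, and report a plain failure.
            derive(password, os.urandom(SALT_BYTES))
            self.audit.append((now, user, "bad_password"))
            return "bad_password"
        if now < rec.locked_until:
            self.audit.append((now, user, "locked"))
            return "locked"
        if hmac.compare_digest(derive(password, rec.salt), rec.digest):
            rec.failures = 0
            return "ok"
        rec.failures += 1
        delay = min(BASE_DELAY_SECONDS * 2 ** (rec.failures - 1), MAX_DELAY_SECONDS)
        rec.locked_until = now + delay           # enforced delay between attempts
        self.audit.append((now, user, "bad_password"))
        return "bad_password"


if __name__ == "__main__":
    store = PasswordStore()
    store.register("alice", "correct horse battery")   # constructed credentials
    print(store.verify("alice", "wrong"), store.verify("alice", "correct horse battery"))
```

The delay is the measure the text singles out: it does not change the size of the search space, but it caps how many of the 26^n candidates an online attacker can try per unit of time, which is what turns "months" into "years" in practice. The salted, iterated hash covers the offline case where the stored table itself has leaked.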

An effective way to improve password security is its functional transformation by a one-way cryptographic function F: for a given X it is easy to compute Y = F(X), but for a known Y it is difficult or impossible to determine X.

The user is given a word or number X (the initial password) together with the transformation function F(X), for example a function of (X mod 100), D and W, where (X mod 100) is the remainder of the integer division of X by 100, D is the current day of the week and W is the current week number in the month. In this case the period at which the initial password changes must be agreed, for example every day or every week.

A sequence of passwords X, F(X), F(F(X)), and so on can also be used. To compute the current password in this sequence one needs to know the form of the transformation F and the previous password. Used in this forward direction the sequence has a weakness: anyone who observes one password can compute every subsequent one simply by applying F. One-time password schemes therefore present the chain in reverse, so that deriving the next password from the last one would require inverting F.

For a higher level of security the function F must be changed periodically, and when it is replaced it is advisable to set a new initial password X as well. For reliable identification of a person, technical means are used that measure individual biometric characteristics (fingerprints, iris structure, and so on).
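The password sequence X, F(X), F(F(X)), ... from the paragraphs above, as an added example that is not part of the original page. It takes SHA-256 as the one-way function F, contrasts the sequence used in the forward direction with the reversed chain of Lamport's one-time password scheme, and raises an error once the chain is exhausted, which is the point at which a new initial password X must be issued as the text advises. The seed bytes, the chain length and the class names are constructed for the demonstration.

```python
"""One-time passwords from the sequence X, F(X), F(F(X)), ... (added example,
not from the page). Seed and chain length are constructed for the demo."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional


def F(x: bytes) -> bytes:
    """One-way function: computing F(x) is easy, recovering x from F(x) is not."""
    return hashlib.sha256(x).digest()


def chain(x: bytes, n: int) -> List[bytes]:
    """[X, F(X), F(F(X)), ..., F^n(X)]: n + 1 values."""
    values = [x]
    for _ in range(n):
        values.append(F(values[-1]))
    return values


class ForwardServer:
    """The sequence used in the forward direction: after password P the server
    expects F(P). It must keep the previous password, and an attacker who has
    observed one login can compute the next password in exactly the same way."""

    def __init__(self, x: bytes) -> None:
        self.last = x

    def login(self, otp: bytes) -> bool:
        if hmac.compare_digest(otp, F(self.last)):
            self.last = otp
            return True
        return False


class LamportServer:
    """Reversed chain: the server stores only F^n(X) and accepts P when F(P)
    equals the stored value, then stores P. Every value is usable once, and
    the next one cannot be derived from the last without inverting F."""

    def __init__(self, anchor: bytes, n: int) -> None:
        self.current = anchor
        self.remaining = n

    def login(self, otp: bytes) -> bool:
        if self.remaining > 0 and hmac.compare_digest(F(otp), self.current):
            self.current = otp
            self.remaining -= 1
            return True
        return False


class LamportClient:
    def __init__(self, x: bytes, n: int) -> None:
        self._chain = chain(x, n)
        self._next = n - 1                  # index of the next password to present

    def next_password(self) -> bytes:
        if self._next < 0:
            raise RuntimeError("chain exhausted: re-initialise with a new X")
        p = self._chain[self._next]
        self._next -= 1
        return p


def setup_lamport(n: int, seed: Optional[bytes] = None):
    """The client keeps X; the server is given only the anchor F^n(X)."""
    seed = seed if seed is not None else os.urandom(32)
    return LamportClient(seed, n), LamportServer(chain(seed, n)[-1], n)


def demo(seed: bytes = b"constructed demo seed, not a real password") -> Dict[str, bool]:
    results: Dict[str, bool] = {}
    # Forward sequence: an eavesdropper captures F(X) and computes F(F(X)).
    fwd = ForwardServer(seed)
    captured = F(seed)                       # the legitimate user's first password
    results["forward_user_ok"] = fwd.login(captured)
    results["forward_attacker_ok"] = fwd.login(F(captured))
    # Reversed chain: a replay fails, and F of the captured value is not the next password.
    client, server = setup_lamport(n=3, seed=seed)
    captured = client.next_password()
    results["lamport_user_ok"] = server.login(captured)
    results["lamport_replay_ok"] = server.login(captured)
    results["lamport_attacker_ok"] = server.login(F(captured))
    return results


if __name__ == "__main__":
    print(demo())
```

Two design points are worth noting. The server side of the reversed chain never holds X, so a compromised password table reveals only values that have already been spent or the one anchor, from which nothing usable follows; with the forward sequence the server must hold the previous password, which is enough to compute all future ones. And the client's chain length n is the password lifetime in logins: when it runs out, a fresh X is chosen and a new anchor installed, which is the periodic re-initialisation the text recommends.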
