How can you write up without having the ability to read up? Like you can’t even read what you write, not sure if I understand correctly but it doesn’t make sense to me.
Hi Josh..double asterix confusion did not struck me..thanks fpr your feedback I shall keep that in mind while doing future videos...thanks for watching and plz subscribe for more🙏🙏
hey hassan to achieve a secure system state in the BLP model, both the simple security property and the *-property must be satisfied simultaneously.( the standard BLP model) However, in practical situations, these two properties, particularly the *-property, can be too restrictive. For example, there may be scenarios where a trusted user needs to access sensitive data and, after appropriately sanitizing it, transfer it to an unclassified data object. In such cases, relaxing the *-property may be necessary to accommodate legitimate information flow while still maintaining security measures. Hi Hope this helps thanks for watching and plz subscribe for more such videos...
hi Sorry for the late reply I am so happy that you understood the models and asked this question which most of the students miss..no answering your question If an unauthorized process is able to write at a higher security level, it could potentially violate the confidentiality principles of the Bell-LaPadula model. This unauthorized write access could allow the process to modify or tamper with sensitive data that it shouldn't have access to, potentially compromising confidentiality. It's important to note that the Bell-LaPadula model primarily focuses on preventing unauthorized read access and controlling the flow of information based on security levels. The destruction of data falls more into the realm of data sanitization and secure disposal practices, which are complementary to access control mechanisms in maintaining confidentiality. Thts the reason most of organizations combine bella phadula model with biba model. By combining the Bell-LaPadula model with the Biba model, organizations can establish a more comprehensive security framework that addresses both confidentiality and integrity concerns. The Bell-LaPadula model prevents unauthorized users or processes from accessing information at higher security levels (read-up) and from modifying information at lower security levels (write-down). This helps maintain confidentiality by controlling the flow of information and preventing unauthorized disclosure. On the other hand, the Biba model focuses on maintaining data integrity. It prevents users or processes with lower integrity levels from modifying or corrupting data at higher integrity levels (write-up) and from accessing data at lower integrity levels (read-down). This helps ensure that data remains accurate and trustworthy. Combining these two models allows organizations to create a more robust security posture by addressing both confidentiality and integrity aspects of information security. It helps establish a comprehensive access control framework that governs both read and write operations, preventing unauthorized access, disclosure, and tampering of sensitive information. I hope this helps Thanks for watching and plzsubscribe for more such videos..