Since publication, the Bell-LaPadula model has helped in the advancement of science and technology by providing a mathematical basis for the examination of laboratory security. Moreover, this model is a major component of having a disciplined approach to building secure and effective laboratory systems.
The Bell-LaPadula model can also be used to abstractly describe the computer security system in the laboratory, without regard to the system's application. The goal of modern security research is to facilitate the construction of multilevel secure systems, which can protect information of differing classification from users that have varying levels of clearance.
There are some deficiencies inherent in the Bell and LaPadula model, and there have been efforts to develop a new approach to defining laboratory security models, on the basis that security models should be derived from specific applications.
The use of the Bell and LaPadula Model has been successful in modeling information that is relevant to security, even though this success might be responsible for the vagueness of the model. This vagueness can also be examined with the theory that the Bell and LaPadula Model and Noninterference are equivalent. Laboratory automation makes it possible for scientists to explore data rates that otherwise may be too fast or too slow to examine. ...
vention and creates a more efficient environment in which human beings and technology can interact to produce a great deal more information and accurate data that was not possible prior to automation.
Its approach is to define a set of system constraints whose enforcement will prevent any application program executed on the system from compromising system security. The model includes subjects, which represent active entities in a system (such as active processes), and objects, which represent passive entities (such as files and inactive processes). Both subjects and objects have security levels, and the constraints on the system take the form of axioms that control the kinds of access subjects may have to objects. (http://chacs.nrl.navy.mil/publications/CHACS/2001/2001landwehr-ACSAC.pdf)
While the complete formal statement of the Bell-LaPadula model is quite complex, the model can be briefly summarized by these two axioms stated below:
(a) The simple security rule, which states that a subject cannot read information for which it is not cleared.
(b) The property that states that a subject cannot move information from an object with a higher security classification to an object with a lower classification (i.e. no write down). (http://chacs.nrl.navy.mil/publications/CHACS/2001/2001landwehr-ACSAC.pdf)
These axioms are meant to be implemented by restriction of access rights that users or processes can have to certain objects like devices and files. The concept of trusted subjects is a less frequently described part of the Bell-LaPadula model.
Systems that enforce the axioms of the original Bell-LaPadula model very strictly are often impractical, because in a real system, a user might need to invoke operations that would