INFO5301 Assignment 4
Information Security Management
This tutorial contains three exercises on the practical application of security models. You should
attempt to answer these questions individually during the allocated time.
Exercise 1
Duration: 10 mins
The following tables list the security clearances for subjects and the security classifications for
objects in a company.

Subject    Security Level Clearance
Alice      Top Secret (TS)
Bob        Secret (SC)
James      Confidential (C)
Karl       Unclassified (UC)

Object                 Security Level Classification
Payroll information    Top Secret (TS)
Security Logs          Secret (SC)
Activity logs          Confidential (C)
Staff directory        Unclassified (UC)
1.1 If the Bell-La Padula security model is implemented, explain whether the following statements are
right or wrong, and why.
1.1.1 James can obtain entrance door lock codes stored in security logs to enter the building
after office hours.
Answer: Wrong.
The Bell-La Padula model is based on two primary rules:
• Simple-Security Property (ss-property or No Read Up): A subject cannot read an object
at a higher security level than the subject's clearance.
• The star property (∗-property or No Write Down): A subject cannot move (write) information
from an object with a higher security classification to an object with a lower
classification.