INFO5301 Information Security Management
James is in level C, which is lower than the security level of Security Logs, SC. Thus, James
can not read security logs under Bell-La Padula model.
1.1.2 Alice can write to activity logs of the company.
Answer: Wrong. Despite Alice is in the highest security level, this violates∗−property and
is not allowed.
"No write down" prevents someone with a higher security clearance mistakenly or inten-
tionally sharing confidential information by writing to an object at a lower security level.
1.1.3 Karl can add entry to payroll information folder.
Answer: Right. Although it seems odd, writing to higher security levels from lower level
subjects are not prohibited under Bell-La Padula model.
Therefore, Karl who is in the UC level can append an entry to TS payroll information.
The intuition behind this is that if a subject with new information wants to update the system
or wants to provide feedback, it is safer to let the subject to update higher security levels than
revealing potentially secret information to lower levels.
1.2IfBiba security model is implemented, explain the following statements are right or
wrong, and why ?
1.2.1 Alice can read activity logs of the company.
Answer: Wrong. Biba model is focused on preserving integrity and based the following
two rules;
• No read Down: Subject S can read object O only if I s(Integrity level of S) less than or
equal to I o(Integrity level of O).
• No write UP: Subject S can write to object O only if I ois less than or equal to I s.
Alice is in the highest security level and therefore under Biba model reading lower classified
information is prohibited.
1.2.2 Karl can add entry to payroll information folder.
Answer: Wrong. This violates the "No write UP" rule in Biba model.
This rule prevents information in higher security levels contaminated with unreliable infor-
mation from lower levels.
(Discussion:10 mins)
Exercise 2
Duration: 8 mins
Assume a Bell-La Padula model with security levels (H,L), such that H≥L, and security
categories (A,B).
2.1Draw a lattice of security labels with directed arrows representing dominance relation-
ship among the labels. Note: Given a set of security levels and categories (L,C);(L1,C1)domi-
Information Security Management Page 2of 5