Which of the following is a limitation of the Bell-LaPadula model?
A.
Segregation of duties (SoD) is difficult to implement as the "no read-up" rule limits the ability of an object to access information with a higher classification.
B.
Mandatory access control (MAC) is enforced at all levels making discretionary access control (DAC) impossible to implement.
C.
It contains no provision or policy for changing data access control and works well only with access systems that are static in nature.
D.
It prioritizes integrity over confidentiality which can lead to inadvertent information disclosure.
Bell-LaPadula model has two major limitations:
It provides confidentiality only. (no integrity, authentication ,etc.)
It provides no method for management of classifications:
It assumes all data are assigned with a classification
It assumes that the data classification will never change.
given answer correct
A. Segregation of duties (SoD) is difficult to implement as the "no read-up" rule limits the ability of an object to access information with a higher classification.
The Bell-LaPadula model enforces the "no read-up" and "no write-down" rules, which restrict subjects from reading information at a higher security level (no read-up) and writing information to a lower security level (no write-down). While these rules help maintain confidentiality, they can hinder the implementation of segregation of duties by restricting access to information, making it challenging for users to perform their tasks if they require access to data at higher security levels to carry out their responsibilities effectively.
Not A SOD: This is not a limitation of the Bell-LaPadula model but rather a characteristic of the model. The "no read-up" rule is intentional and reflects the model's emphasis on confidentiality.
Per ISC Official guide, In Bell-LaPadula model, difficult to Implement No Read-UP.
Reference Chapter-8 Principles of Security Models, Design and Capabilities
Limitations
---------------------
* Only addresses confidentiality, control of writing (one form of integrity), *-property and discretionary access control
* Covert channels are mentioned but are not addressed comprehensively
* The tranquility principle limits its applicability to systems where security levels do not change dynamically. It allows controlled copying from high to low via trusted subjects. [Ed. Not many systems using BLP include dynamic changes to object security levels.]
https://en.wikipedia.org/wiki/Bell%E2%80%93LaPadula_model
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Cww1
Highly Voted 2 years, 2 months agojackdryan
1 year, 6 months agoSoleandheel
Most Recent 11 months, 2 weeks agoxxxBadManxxx
11 months, 3 weeks agoMikailia
10 months agoDam0s
1 year, 1 month agoedwinpantony
1 year, 5 months agoedwinpantony
1 year, 5 months agosec_007
2 years agoDERCHEF2009
2 years, 2 months ago