- Policy
- Policy languages: high level, low level

- Bell-LaPadula Model (security classifications only)
- Go through security clearance, classification
- Describe simple security condition (no reads up), *-property (no writes down), discretionary security property
- State Basic Security Theorem: if it's secure and transformations follow these rules, it's still secure

- Bell-LaPadula Model (security levels)
- Go through security clearance, categories, levels

- Lattice models
- Poset, ≤ the relation
- Reflexive, antisymmetric, transitive
- Greatest lower bound, least upper bound
- Example with complex numbers

- Bell-LaPadula Model
- Apply lattice work
- Set of classes SC is a partially ordered set under relation ≤ with GLB (greatest lower bound), LUB (least upper bound) operators
- Note: is reflexive, transitive, antisymmetric
- Examples: (A, C) ≤ (A´, C´) iff A ≤ A´
and C ⊆ C´;

LUB((A, C), (A´, C´)) = (max(A, A´), C ∪ C´), GLB((A, C), (A´, C´)) = (min(A, A´), C ∩ C´)

- Describe simple security condition (no reads up), *-property (no writes down), discretionary security property
- State Basic Security Theorem: if it's secure and transformations follow these rules, it's still secure
- Maximum, current security level

- Apply lattice work
- Example: DG/UX UNIX
- Labels and regions
- Multilevel directories

Here is a PDF version of this document.