Home /
Expert Answers /
Computer Science /
a-company-is-implementing-bell-lapadula-model-for-access-control-below-are-the-access-control-mat-pa434
(Solved): A company is implementing Bell-Lapadula model for access control. Below are the access control mat ...
A company is implementing Bell-Lapadula model for access control. Below are the access control matrix and the classifications of various objects and people. After going through them answer the following questions. Make sure to show the decision process that lead to your answer. - There are three levels: ecre oon normo I . - Amy and Chris are cleared as oon i den - Bob is cleared as se cre - Laura is cleared as normo i - Files Salar ie s and Vacat;i ons are classified s ecre I - File But lding map is classified you f i den I i a I - File Ori ent;at; ion is classified norms i (a) Which files can Chris read?
(b) Who can read the file Building map? (c) Who can write on file Vacat i ons? (d) How can we grant to Laura permission to read the Vac at i ons and Oriental i on files?
Expert Answer
(a) As per the given access control matrix, Chris has write and read access to the file "Vacations" and read access to the files "Building map" and "Orientation".The classifications of the files are:Amy and Chris are cleared as "confidential" and Bob is cleared as "secret", while Laura is cleared as "unclassified".According to the Bell-Lapadula model, a subject (i.e., a person) can read an object (i.e., a file) only if the subject's clearance level is equal to or greater than the classification level of the object.Since Chris is cleared as "confidential", he can access information classified at the "confidential" level and below. Therefore, Chris can read all files, including "Salaries" and "Vacations", which are classified as "secret". However, the access control matrix only grants Chris read and write access to "Vacations".