A multilevel security model for distributed object systems

  • Vincent Nicomette
  • Yves Deswarte
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1146)


In this paper, the Bell-LaPadula model for multilevel secure computer systems is discussed. We describe the principles of this model and we try to show some of its limits. Then we present some possible extensions of this model, with their drawbacks and advantages. We finally present our own extension of the model for object-oriented systems. In this last section, we first explain the principles of our security policy, then we describe the rules of our authorization scheme and we give an example of a typical scenario in a distributed object-oriented system.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    D. Bell and L. LaPadula, “Secure Computer Systems: unified Exposition and Multics Interpretation,” Tech. Rep. MTR-2997, MITRE Co., July 1975.Google Scholar
  2. 2.
    “U.S. Departement of Defense Trusted Computer Security Evaluation Criteria (TCSEC).” 5200.28-STD, December 1985.Google Scholar
  3. 3.
    C. Landwehr, “Formal Models for Computer Security,” ACM Computing Surveys, vol. 3, pp. 247–278, September 1981.Google Scholar
  4. 4.
    E. R. Lindgreen and I. Herschberg, “On the Validity of the Bell-LaPadula Model,” Computers and Security, vol. 13, pp. 317–333, 1994.Google Scholar
  5. 5.
    J. McLean, “Reasoning about Security Models,” in Proc. of Symposium on Research in Security and Privacy, IEEE Computer Society Press, (Oakland, California(USA)), pp. 123–131, 1987.Google Scholar
  6. 6.
    D. Bell, “Concerning ‘Modeling’ of Computer Security,” in Proc. of Symposium on Research in Security and Privacy, IEEE Computer Society Press, (Oakland, California(USA)), pp. 8–13, 1988.Google Scholar
  7. 7.
    J. Woodward, “Exploiting the Dual Nature of Sensitivity Labels,” in Proc. of Symposium on Research in Security and Privacy, IEEE Computer Society Press, (Oakland, California(USA)), pp. 23–30, 1987.Google Scholar
  8. 8.
    L. Fraim, “Scomp: A Solution to the Multilevel Security Problem,” IEEE Computer, vol. 16, pp. 26–34, July 1983.Google Scholar
  9. 9.
    B. d'Ausbourg, “Implementing Secure Dependencies Over a Network by Designing a Distributed Security Subsystem,” in Proc. of European Symposium on Research in Computer Security, (Brighton(UK)), pp. 249–266, November 1994.Google Scholar
  10. 10.
    J. Banino, J. Fabre, M. Guillemont, G. Morisset, and M. Rozier, “Some Fault-Tolerant Aspects of the Chorus Distributed System,” in Proc. of 5th International Conference on Distributed Computing Systems, (Denver, Colorado), pp. 430–437, May 1985.Google Scholar
  11. 11.
    T. Keefe, W. Tsai, and M. Thuraisingham, “SODA: a Secure Object-oriented Database System,” Computers and Security, vol. 8, no. 6, pp. 517–533, 1989.Google Scholar
  12. 12.
    S. Jajodia and B. Kogan, “Integrating an Object-Oriented Data Model with Multi-Level Security,” in Proc. of the 1990 IEEE Symposium on Security and Privacy, (Oakland, CA), pp. 48–69, May 1990.Google Scholar
  13. 13.
    E. Bertino, P. Samarati, and S. Jajodia, “High Assurance Discretionary Access Control for Object Bases,” in Proc. of 1st ACM Conference on Computer and Communications Security, (Fairfax, Virginia (USA)), pp. 140–150, November 1993.Google Scholar
  14. 14.
    K. Biba, “Integrity Considerations for Secure Computer Systems,” Tech. Rep. ESD-TR 76-372, MITRE Co., April 1977.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1996

Authors and Affiliations

  • Vincent Nicomette
    • 1
  • Yves Deswarte
    • 1
  1. 1.LAAS-CNRS & INRIAToulouse CedexFrance

Personalised recommendations