The Bell-LaPadula Model
The Bell-LaPadula security model deals with the preservation of confidentiality, and only confidentiality. Why? Because the government is all about keeping secrets. Lots of different types of secrets with varying levels of secrecy that require different types of classification labels.
The truth about the existence of space aliens would probably be something that is Top Secret.
Compared to aliens, the statistics on the number of Navy SEALS unofficially fighting with the Peshmerga in Kurdistan would probably be labeled a Secret.
What about the number of staplers being delivered to the Pentagon? It seems like a trivial piece of information, but according to the government it could also be considered a secret. It's not as secretive as aliens or military commandos, so it might just get a classification label of "Confidential".
All these types of secrets may one day have to traverse from one secure system to the next. Intelligence may need to go from a server that is Secret, to a server that is Top Secret.
This was why The Bell-LaPadula model was created, to manage a multi-level security system.
To manage the flow of different types of secrets, the Bell-LaPadula model utilizes 3 rules:
The Simple Security Rule - A person in one classification level, cannot read data in a higher classification level. If you have a Secret clearance, then you cannot read objects with a label of Top Secret. This is also known as No Read Up.
The Star Property Rule - A person in a higher classification level, cannot write messages to someone in a lower classification level. If you have a clearance of Top Secret, then you cannot write messages to someone with a Secret clearance. This is known as No Write Down.
The Strong Star Property Rule - A person in one classification level cannot read or write intelligence to any other classification level. If you have a clearance of Secret, then you are only allowed to read and write data to objects with the same classification label.
Our members section of the site has a video on both Mandatory Access Control and The Bell-LaPadula model. Click here if you'd like to subscribe.
Disclaimer: I don't work in the government, all my examples are speculation.