Bell-LaPadula: Model & Example

An error occurred trying to load this video.

Try refreshing the page, or contact customer support.

Coming up next: What is Business Process Modeling (BPM)? - Definition, Notation & Examples

You're on a roll. Keep up the good work!

Take Quiz Watch Next Lesson
Your next lesson will play in 10 seconds
  • 0:00 The Bell-LaPadula Model
  • 0:49 Clearance,…
  • 4:29 How the Bell-LaPadula…
  • 5:45 Lesson Summary
Save Save Save

Want to watch this again later?

Log in or sign up to add this lesson to a Custom Course.

Log in or Sign up

Speed Speed Audio mode

Recommended Lessons and Courses for You

Lesson Transcript
Instructor: Raymond Blockmon

Raymond has earned a bachelor's degree in computer information systems and a master's degree in organizational leadership.

In this lesson, we will cover the Bell-LaPadula model, which is a multilevel security system. This system uses classification levels in conjunction with a users security clearance level in order to prevent information being leaked or mishandled.

The Bell-LaPadula Model

The Bell-LaPadula model is a security method created for the US government to preserve the confidentiality of information. When computer mainframes where used in the 1970's, the US military wanted to keep information secured from users who shared mainframes. Thus, the Bell-LaPadula model was born. With multiple users using the same mainframes, there had to be a way in order keep information protected from espionage and accidental sharing. This type of configuration is called a multilevel security system, meaning multiple users with different clearance levels can access the same system. With the Bell-LaPadula model, it creates a system that can process different classification levels securely and the system will always process in a secure state. It has a mathematically proven concept that is still used today.

Clearance, Classification Levels and Rules

The Bell-LaPadula model is a security method of keeping files confidential. The US government uses classification levels, which are rated lowest to highest: Unclassified, Confidential, Secret and Top Secret to a file. Imagine an old cookie recipe has been in the family for years. In order for you to guard it, you would be required to label it as 'Top Secret' and only certain types of people you trust can see it, such as your immediate family.

Here's another example: this very lesson would be considered as 'Unclassified' because anyone can read it and no one is attempting to guard it as a secret.

Final example: your medical records would be considered as 'Secret', because only your doctor, nurse, the medical staff and some family would have access to it.

The people that you trust with your old cookie recipe and the doctor with the medical staff must have a clearance level, or the ability to have important information. The clearance level is measured from lowest to highest and includes: Confidential, Secret and Top Secret. The clearance level is assigned to a person you trust. The higher the clearance, the greater you trust them. If you trust your immediate family with the cookie recipe, they will have the 'Top Secret' clearance. A doctor and his staff will have the 'Secret' level. You and everyone else who is reading this lesson will have the 'Confidential' clearance level.

An object can be a file or a data resource on a system that does nothing without interaction - think of it as your favorite song on your iPod. The song does not do anything unless you click on it to listen to. The subject, another name for the user, is one who uses the object. A basketball player (or subject) can dribble and shoot a basketball (or object). But can the basketball dribble and shoot a basketball player? No, because the basketball cannot do anything without the help from the basketball player. Only a subject can do something to an object - not the other way around.

An access operation can be a read and/or write action. When you play a song on your iPod to listen to, you are actually 'reading' and not editing or changing the song. If you were to write an entry into your journal, you are 'writing' to an object.

Now, let's go over how the subject (or the user) interacts with the object such as a file, recipe, medical records or your favorite song on your iPod.

The Simple Security rule states that a subject cannot read an object with a higher classification level than the subject's clearance level. Think of it as reading a book at your own comprehension level. Most first grade students cannot read a book about thermodynamics because it is above their level of vocabulary and comprehension. This is the same concept with the Simple Security Rule - you can only read at your level of comprehension and lower. So keep it 'simple' and read at your level - and lower!

To unlock this lesson you must be a Member.
Create your account

Register to view this lesson

Are you a student or a teacher?

Unlock Your Education

See for yourself why 30 million people use

Become a member and start learning now.
Become a Member  Back
What teachers are saying about
Try it risk-free for 30 days

Earning College Credit

Did you know… We have over 200 college courses that prepare you to earn credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.

To learn more, visit our Earning Credit Page

Transferring credit to the school of your choice

Not sure what college you want to attend yet? has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.

Create an account to start this course today
Try it risk-free for 30 days!
Create an account