|
|
|
The developers of the ADEPT-50 system presented a formal model of the security controls that predated the Bell-LaPadula Model [633, 1037]. Landwehr and colleagues [612] explored aspects of formal models for computer security. Denning used the Bell-LaPadula Model in SeaView [272, 275], a database designed with security features. The model forms the basis for several other models, including the database model of Jajodia and Sandhu [521] and the military message system model of Landwehr [613]. The latter is an excellent example of how models are applied in practice.
Dion [300] extended the Bell-LaPadula Model to allow system designers and implementers to use that model more easily. Sidhu and Gasser [921] designed a local area network to handle multiple security levels.
Feiertag, Levitt, and Robinson [341] developed a multilevel model that has several differences from the Bell-LaPadula Model.Taylor [992] elegantly compares them. Smith and Winslett [936] use a mandatory model to model databases that differ from the Bell-LaPadula Model.
Gambel [379] discusses efforts to apply a confidentiality policy similar to Bell-LaPadula to a system developed from off-the-shelf components, none of which implemented the policy precisely.
Irvine and Volpano [513] cast multilevel security in terms of a type subsystem for a polymorphic programming language.
|
|
|
| Top |