From December 2018 Pyrrho has offered a simulation of Bell-LaPadula security, following the Orange Book protocols for mandatory access control. The development of Pyrrho v8 alpha has now reached completed this stage. The current state of the source code and associated documentation is on GitHub as usual. There is a document describing Mandatory Access Control, and this post repeats some of those details.
Mandatory access control is based on the concepts of (a) classification of information and database objects from levels D (public) to A (top secret), (b) clearance of individual users to access classified information, and (c) enforcement of access rules on database tables (Select. Insert. Update, Delete).
Classification can be applied at the level of database tables, table columns, and individual records, and both clearance and classification at levels above D can specify permitted groups and topics for access. The database has a security administrator (in Pyrrho this is the database owner) who can audit and modify any aspect of the security model. All access to classified information (i.e. above level D) is instantly recorded in the database's transaction log giving the user's identity, the time, the tables accessed, and the key if any, even if the user made no changes.
The document Detailed Mandatory Access Control includes a simple example. Here are some extracts:
A. Logged in with MALCOLM1\Malcolm (not the server account)
1. Starting with empty database mac
SQL> create table A(B int,C char)
SQL> create table D(E char primary key)
security level D groups Army Navy references Defence scope read
SQL> create table F(G char primary key,H
char security level C)
2. Create some users with and without clearance
SQL> grant "mac" to
"MALCOLM1\Student"
SQL> grant "mac" to
"MALCOLM1\Fred"
SQL> grant security level B groups Army
references Defence Cyber to "MALCOLM1\Student"
SQL> table "Sys$User"
|---|----------------|-----------|-----------|-----------------------|
|Pos|Name
|SetPassword|InitialRole|Clearance |
|---|----------------|-----------|-----------|-----------------------|
|26
|MALCOLM1\Malcolm| |mac | |
|366|MALCOLM1\Student| |mac | B{ARMY}[CYBER,DEFENCE]|
|416|MALCOLM1\Fred |
|mac | |
|---|----------------|-----------|-----------|-----------------------|
3. Add some rows with and without classification
SQL> insert into A values(2,'Two')
1 records affected in mac
SQL> insert into A values(3,'Three')
security level C
1 records affected in mac
SQL> insert into D values('Test')
1 records affected in mac
SQL> insert into F
values('MI6','sis.gov.uk')
1 records affected in mac
SQL> table "Sys$Classification"
|---|-----------|----------------------|---------------|
|Pos|Type |Classification |LastTransaction|
|---|-----------|----------------------|---------------|
|553|Record | C |537 |
|154|Table | D{ARMY,NAVY}[DEFENCE]|138 |
|313|TableColumn|
C |248 |
|---|-----------|----------------------|---------------|