Discussion Questions: Bishop, Chapter 5 Confidentiality Policies

1
Discussion Questions Bishop, Chapter 5
(Confidentiality Policies)

• Bishop in many places emphasizes that a
  confidentiality policy is not concerned with
  integrity. Is this a good distinction to make?
  Why or why not?
• How does Bell-LaPadula combine mandatory and
  discretionary controls? Why? Does the theory
  mainly address the mandatory or the discretionary
  aspects of the model?
• The example on page 127 involves a colonel trying
  to send a message to a major with a lower
  clearance. The solution is to allow the colonel
  to temporarily lower her clearance, then send the
  message. Why not just let her send the message
  to the lower clearance level?
• Explain the difference between hard links and
  symbolic links in UNIX (or if you dont know,
  ask, so we can cover this in class and the
  section might make more sense)
• Now that you have read the basic definition of
  confidentiality policy (definition 4-4 and 4-9)
  and some basic policy models and examples,
  explain why Bell-LaPadula fits the basic
  definition / intent of policies so defined