Laboratory Information Management Systems

THE APPLICATION OF THE BELL-LAPADULA MODEL FOR LABORATORY INFORMATION MANAGEMENT SYSTEMS

1/11


By

Ali Salman

A DISSERTATION Submitted to The University

In partial fulfillment of the requirements for the degree of

MASTER OF SCIENCE

07/15/2008

ABSTRACT

This research investigates the possible practical applications of the Bell-LaPadula model in laboratory information management systems (LIMS). The main aim of modern security research is to facilitate the construction of multilevel secure systems, which can protect information of differing classification from users that have varying levels of clearance. Since publication, the Bell-LaPadula model has helped in the advancement of science and technology by providing a mathematical basis for the examination of laboratory security. Moreover, this model has been a major component of a disciplined approach to building effective and secure laboratory systems.


DECLARATION

I hereby certify that this dissertation constitutes my own product, that where the language of others is set forth, quotation marks so indicate, and that appropriate credit is given where I have used the language, ideas, expressions, or writings of another.

I declare that the dissertation describes original work that has not previously been presented for the award of any other degree of any institution.

Signed,

Ali Salman

ACKNOWLEDGEMENTS

TABLE OF CONTENTS

Page

LIST OF TABLES viii


LIST OF FIGURES ix

Chapter 1. Introduction 1

Chapter 2. Background and review of literature 2

Chapter 3. Theory 4

Chapter 4. Analysis and Design 5

Chapter 5. Methods and Realization 6

Chapter 6. Results and Evaluation 7

Chapter 7. Conclusions 8

REFERENCES 9

APPENDIX 10

LIST OF TABLES

Page


Table 1 Principle Topics in Pattlets. 3

Table 2 Full Pattern-Description Organization. 3

LIST OF FIGURES

Page

Figure 1. Navigational Data-Entity Hierarchy (typical) 3

Figure 2. Converse Matching of Association Types in Data-Entity Relationships. 3

Introduction

The objective of this research is to ascertain the ways in which the Bell-LaPadula model can be applied to Laboratory Information Management Systems. Laboratory automation occurs when technology is applied to reduce the need for human intervention in the laboratory. This makes it possible for scientists to explore data rates that otherwise may be too fast or too slow for proper scientific examination. In recent years, the Bell-LaPadula model has been employed more and more in scientific laboratories, and has also dominated efforts to build secure computer systems for laboratory use. Since publication, the Bell-LaPadula model has helped in the advancement of science and technology by providing a mathematical basis for the examination of laboratory security. Moreover, this model is a major component of a disciplined approach to building secure and effective laboratory systems. The Bell-LaPadula model can also be used to abstractly describe the computer security system in the laboratory, without regard to the system's application. The goal of modern security research is to facilitate the construction of multilevel secure systems, which can protect information of differing classification from users that have varying levels of clearance.

There are some deficiencies inherent in the Bell and LaPadula model, and there have been efforts to develop a new approach to defining laboratory security models, on the basis that security models should be derived from specific applications.

Scope

This dissertation covers the applicability of the Bell-LaPadula model in Laboratory Information Management Systems, and the limitations involved in the use of the Bell-LaPadula model, including an absence of policies for changing user access rights. Also to be covered is the relationship that this model has with other existing security policy models, and the possibility of using the model in other applications where information exposure must be localized, for example in private banking and in the management of intelligence data.

Problem Statement

The use of the Bell and LaPadula Model has been successful in modeling information that is relevant to security, even though this success might be responsible for the vagueness of the model about its primitives. This vagueness can also be examined with respect to the theory that the Bell and LaPadula Model and Noninterference are equivalent. Laboratory automation makes it possible for scientists to explore data rates that otherwise may be too fast or too slow to examine properly. Therefore, an automated laboratory reduces the need for human intervention and creates a more efficient environment in which human beings and technology can interact to produce a great deal more information, and more accurate data, than was possible prior to automation.

The model's approach is to define a set of system constraints whose enforcement will prevent any application program executed on the system from compromising system security. The model includes subjects, which represent active entities in a system (such as active processes), and objects, which represent passive entities (such as files and inactive processes). Both subjects and objects have security levels, and the constraints on the system take the form of axioms that control the kinds of access subjects may have to objects. (http://chacs.nrl.navy.mil/publications/CHACS/2001/2001landwehr-ACSAC.pdf)

While the complete formal statement of the Bell-LaPadula model is quite complex, the model can be briefly summarized by the two axioms stated below:

(a) The simple security rule, which states that a subject cannot read information for which it is not cleared (i.e. no read up).

(b) The *-property (star property), which states that a subject cannot move information from an object with a higher security classification to an object with a lower classification (i.e. no write down). (http://chacs.nrl.navy.mil/publications/CHACS/2001/2001landwehr-ACSAC.pdf)

These axioms are meant to be implemented by restriction of access rights that users or processes can have to certain objects like devices and files. The concept of trusted subjects is a less frequently described part of the Bell-LaPadula model.


Systems that enforce the axioms of the original Bell-LaPadula model very strictly are often impractical, because in a real system a user might need to invoke operations that would require subjects to violate the *-property, even though they do not go against our basic intuitive concept of laboratory security. For instance, there might be a need in the laboratory to extract an UNCLASSIFIED paragraph from a CONFIDENTIAL document for use in a document that is UNCLASSIFIED. A system that strictly enforces the properties of the original Bell-LaPadula model would prohibit this kind of operation. As a result, a class of trusted subjects has had to be included in the Bell-LaPadula model; these subjects are trusted not to violate security, although they might violate the *-property. Laboratory systems that are based on this less restrictive model usually have mechanisms that permit some of the operations that the *-property would normally not allow.

It should also be noted that a number of projects have used the Bell-LaPadula model to describe their security requirements, although strict enforcement of the Bell-LaPadula axioms without the implementation of trusted subjects turned out to be overly restrictive in these projects. Thus, there has been widespread introduction of trusted processes to implement the concept of trusted subjects.
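The two axioms and the trusted-subject exemption described above, as an added example that is not part of the dissertation: a minimal reference monitor for a LIMS, with constructed sample subjects and documents (the level names follow the text; the object and subject names are assumptions) and an audit list so that every denied request can be reviewed.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):
    """Linearly ordered security levels; a higher value dominates a lower one."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2

@dataclass(frozen=True)
class Subject:
    name: str
    clearance: Level
    trusted: bool = False  # may bypass the *-property, never the simple security rule

@dataclass(frozen=True)
class LabObject:
    name: str
    classification: Level

AUDIT: list = []  # every decision is logged so denied attempts can be reviewed later

def check(subject: Subject, mode: str, obj: LabObject) -> bool:
    """Decide a 'read' or 'write' request against the two axioms and log the outcome."""
    if mode == "read":
        allowed = subject.clearance >= obj.classification  # simple security rule: no read up
    elif mode == "write":
        allowed = subject.trusted or subject.clearance <= obj.classification  # *-property: no write down
    else:
        raise ValueError(f"unknown access mode {mode!r}")
    AUDIT.append(f"{'ALLOW' if allowed else 'DENY'} {subject.name} {mode} {obj.name}")
    return allowed

def move_paragraph(subject: Subject, src: LabObject, dst: LabObject) -> bool:
    """Copying text from src into dst needs a read on src and a write on dst."""
    return check(subject, "read", src) and check(subject, "write", dst)

# Constructed sample data modelled on the paragraph-extraction scenario in the text.
assay = LabObject("assay_results.doc", Level.CONFIDENTIAL)
summary = LabObject("public_summary.doc", Level.UNCLASSIFIED)
analyst = Subject("analyst", Level.CONFIDENTIAL)
release_officer = Subject("release_officer", Level.CONFIDENTIAL, trusted=True)
technician = Subject("technician", Level.UNCLASSIFIED)

if __name__ == "__main__":
    print(move_paragraph(analyst, assay, summary))          # False: an ordinary subject may not write down
    print(move_paragraph(release_officer, assay, summary))  # True: the trusted subject is exempt
    print(check(technician, "read", assay), check(technician, "write", assay))  # False True (write up is allowed)
    print("\n".join(AUDIT))
```

Note that the *-property as stated on this page still permits a low-cleared subject to write into a higher-classified object (a blind "write up"), which is why the technician's write succeeds while the read is denied.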

There are also some limitations involved in the use of the Bell-LaPadula model, including an absence of policies for changing user access rights. With this model there can be secure and complete general downgrade, and it is intended for systems that have static security levels.

The Bell-LaPadula model would be a suitable basis for Laboratory Information Management Systems because the model focuses on data confidentiality and access to classified information, in contrast to some other models that describe rules for data protection and integrity. This model spells out clear and concise access rules for clinical information systems. Furthermore, it reflects current best clinical practice and is informed by the actual threats to privacy: its objective is to limit the maximum number of records accessed by any user and, at the same time, the number of users who can access any record. This amounts to controlling information flows across rather than down, and at the same time a strong notification property should be enforced. I will also discuss its relationship with other existing security policy models, and the possibility of its usage in other applications where information exposure must be localized, which ranges from private banking to the management of intelligence data, and much more.

Another area in which laboratories could benefit by using the Bell-LaPadula model is the multi-million-dollar drug industry, which requires a high level of security and confidentiality, since drug research is sensitive and the results or findings of ongoing research may sometimes need to be kept from unauthorized persons.

Approach

This research will be conducted by investigating the possible practical applications of the Bell-LaPadula model. The investigation will be conducted and tested physically and objectively. Since the question is a practical one, a prototype will be built so that it can be properly tested. The testing stage will involve writing code for different levels of security, and the objective is to find out whether security can be breached at any stage.

Outcome

Background and review of literature

Related Work

Literature

Industry Sources


Theory

A

B

Analysis and Design

A

B

C

Methods and Realization

A

B

C

Results and Evaluation

A

B

C

Conclusions

Lessons Learned

Future Activity

Prospects for Further Work

REFERENCES


Christine Paszko, Elizabeth Turner, Mary D. Hinton (2001). Laboratory Information Management Systems.

http://chacs.nrl.navy.mil/publications/CHACS/2001/2001landwehr-ACSAC.pdf

APPENDIX
