Date of Award
Master of Science in Information Systems and Technology
Information and Decision Sciences
First Reader/Committee Chair
1. The Bell-LaPadula Model enforces the Multilevel Security access control policies by implementing simple security property and star property. No published research has been done to identify vulnerable node in the Information Flow Digraph and measure their level of vulnerability. In this Culminating Experience Project, the Multilevel access control policy digraph representing Bell-LaPadula Model was transformed into Information Flow Digraph representing the information flow between the Subject and Object. The questions for this project were: Q#1: How should we interpret the critically identified nodes from the information flow perspective (or in MLS context)? Q#2: If the critically important node(s) is (are) compromised or polluted, what are the negative impacts that it (or they) can bring to the whole network?
2. Our findings can be summarized by answering the above questions, The answer for Q#1 is: The Betweenness Centrality algorithm is applied to this information flow digraph, to identify the most important entities in the network. These most important entities can be interpreted as the most vulnerable nodes in the network from the Information flow perspective and their vulnerability levels can also be measured. The answer for Q#2 is: If these most vulnerable nodes are compromised then their polluted data files can be propagated into the whole network in the shortest possible ways. The conclusion is that, by locating the important node by using betweenness centrality algorithm, we show how this critically important node can be interpreted in multilevel security context from the information flow perspective. Areas for further study includes if an additional factor such as security level is added to our model, we like to study how this additional factor can change the way we identify the vulnerable nodes and measure their vulnerabilities.
Bere, Keerthi Prayojitha, "Information Flow Analysis in Multi-Level Security" (2022). Electronic Theses, Projects, and Dissertations. 1592.