Bell La Padula was a model for computer operating system security based on the concept of security subjects and security objects, and the capabilities subjects have to change objects. Subjects are active agents in the computer, for example users, processes, i.e. they are entities which can cause change. Objects are those entities in a computer which can be changed.

The Bell La Padula model implements protection by defining an ordered series of security levels for subjects and objects, and enforcing a write-up and read-down rule. This means that a subject at a given security level X can only read objects at the same or lower security levels. Similarly a subject at security level X can only write objects at the same or higher security levels.

See Also Biba Integrity Model for an inherent weakness of this model

Original Paper: D. E. Bell and L. J. LaPadula Secure Computer Systems: Mathematical Foundations and Model. The Mitre Corporation, 1973