David Elliott Bell (born in 1945) is an American mathematician and computer security pioneer. While working at MITRE Corporation, he and Leonard J. LaPadula co-developed the highly influential Bell–LaPadula model.[1] In 2012, Bell was interviewed as part of an effort by the National Science Foundation to document the “Building an Infrastructure for Computer Security History.”[2] In recognition of his contributions to the computer security field, Bell was inducted into the Cyber Security Hall of Fame in 2013.[3]
David Elliott Bell | |
---|---|
Personal details | |
Born | David Elliott Bell Liberal, Kansas, U.S. |
Education | Davidson College (Bachelor of Mathematics) Vanderbilt University (Master of Mathematics) (Doctor of Mathematics) |
The first step in the Bell-LaPadual model development provided tools for guiding and analyzing computer systems under development.[4] The last step in the model development was the application of the general model to the Multics operating system.[5] When the Computer Security Center at the Department of Defense published its Trusted Computer System Evaluation Criteria in 1983, the Bell-La Padula model was the only security model included to illustrate the "security model" required at the B2 level and above.
At the 21st Annual Computer Security Applications Conference in Tucson, Arizona in 2005, Bell presented a look back at the Bell-LaPadula model.[6] In 2006, Bell published an addendum to his 'Looking Back at the Bell-LaPadula Model.[7]
For NSA, he was Deputy Chief of the Research Office of the Computer Security Center, Acting Chief of the Research Office, and COR for a major acquisition. At Trusted Information Systems, he was the Senior Vice President and Corporate Secretary. He ran his own consulting company (BBND, Incorporated) before returning to the technical path at Mitretek Systems and EDS.
While working at Trusted Information Systems, Bell presented two papers, "Lattices, Policies and Implementations",[8] and "Trusted Xenix Interpretation: Phase 1".[9] At the 13th National Computer Security Conference.
The two papers Bell published in 1991 and 1992, "Lattices, Policies and Implementations" and "Putting Policy Commonalities to Work",[10] together showed that all the apparently different security policies that had been published were Boolean-Lattice policies, and were thus identical under the skin. His constructive result demonstrated how to realize each of the published policies using a single "Universal Lattice Machine." This work consolidated the apparently different security policies and made them one.
At the 1994 New Security Paradigms and Workshop (NSPW), Bell presented his paper on "Modeling the 'multi-policy machine' ".[11] Paper Abstract: A method of treating several unspecified policies is presented. Precise notions of policy combination, policy conflict, conflict resolution, and policy precedence are introduced. Necessary and sufficient conditions for policies to be combined without conflict are established.
In 1996, while working for Mitretek Systems, Bell published a paper on "Generic Model Interpretations POSIX.1 and SQL" as an improvement to trusted systems that conform to industry standards that are conducive to generic model interpretation.[12]
References
edit- ^ "An Interview with David Elliott Bell" (PDF). Charles Babbage Institute. Virginia: University of Minnesota, Minneapolis. 24 September 2012. Retrieved 30 November 2022.
- ^ Bell, David Elliott (2012-09-24). "Oral history interview with David Elliott Bell". hdl:11299/144024.
{{cite journal}}
: Cite journal requires|journal=
(help) - ^ "Cyber Security Cyber Security Inductees, Class of 2013". www.cybersecurityhalloffame.org. Retrieved 2022-11-07.
- ^ Bell, David Elliott & LaPadula, Leonard J. (1973). "Secure Computer Systems: Mathematical Foundations" (PDF). MITRE Corporation. Archived from the original (PDF) on 2006-06-18. Retrieved 2022-11-10.
{{cite journal}}
: Cite journal requires|journal=
(help) - ^ Bell, David Elliott & LaPadula, Leonard J. (1976). "Secure Computer System: Unified Exposition and Multics Interpretation" (PDF). MITRE Corporation.
{{cite journal}}
: Cite journal requires|journal=
(help) - ^ Bell, David Elliott (December 2005). "Looking Back at the Bell–LaPadula Model" (PDF).
- ^ Bell, David Elliott (November 2006). "Looking Back Addendum" (PDF). Archived from the original (PDF) on 2011-08-27.
{{cite journal}}
: Cite journal requires|journal=
(help) - ^ Bell, David Elliott (1990). "Lattices, Policies and Implementations" (PDF). Proceedings of the 13th National Computer Security Conference. Washington, DC. pp. 165–171.
- ^ Bell, David Elliott (1990). "Trusted Xenix Interpretation: Phase 1" (PDF). Proceedings of the 13th National Computer Security Conference. Washington, DC. pp. 333–339.
- ^ Bell, David Elliott (1991). "Putting Policy Commonalities to Work" (PDF). Proceedings of the 14th National Computer Security Conference. Washington, DC. pp. 456–471.
- ^ Bell, David Elliott (1994). "Modeling the multi-policy machine". Proceedings of the 1994 New Security Paradigms and Workshop. Little Compton, RI.
- ^ Bell, David Elliott (October 1996). "Generic Model Interpretations POSIX.1 and SQL" (PDF). csrc.nist.gov.