David Elliott Bell and Leonard J. LaPadula designed the Bell-LaPadula model with a primary goal of ensuring confidentiality. It enforces security through two primary rules, commonly called no read up and no write down. Each of these rules compares the subject’s clearance with the object’s classification.

Simple security property rule—no read up: Subjects granted access to any security level may not read an object at a higher security level. For example, if Joe is granted Secret access, he cannot read materials classified as Top Secret.

The * property (read as “star-property”) rule—no write down: Subjects granted access to any security level may not write to any object at a lower security level. For example, if Sally is granted Top Secret access, she cannot create or modify documents classified as Secret.
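The following added example (not part of the original text) implements both rules as a small reference monitor and tracks the highest level of information each subject has seen and each object holds, to show why the two rules together keep Top Secret data out of Secret objects. The object names `war_plan` and `memo`, the request trace, and the `enforce_star` switch are assumptions made for illustration.

```python
from enum import IntEnum

Level = IntEnum("Level", "UNCLASSIFIED CONFIDENTIAL SECRET TOP_SECRET")

def can_read(clearance, classification):
    """Simple security property: no read up."""
    return clearance >= classification

def can_write(clearance, classification):
    """* property: no write down."""
    return clearance <= classification

class ReferenceMonitor:
    def __init__(self, subjects, objects, enforce_star=True):
        self.subjects, self.objects = dict(subjects), dict(objects)
        self.enforce_star = enforce_star  # False models a monitor missing the * property
        # Highest level of information each subject has seen / each object holds.
        self.seen = {s: Level.UNCLASSIFIED for s in self.subjects}
        self.holds = dict(self.objects)

    def request(self, subject, op, obj):
        clearance, classification = self.subjects[subject], self.objects[obj]
        if op == "read":
            allowed = can_read(clearance, classification)
            if allowed:  # the subject now knows whatever the object holds
                self.seen[subject] = max(self.seen[subject], self.holds[obj])
        elif op == "write":
            allowed = can_write(clearance, classification) or not self.enforce_star
            if allowed:  # the object may now contain anything the subject has seen
                self.holds[obj] = max(self.holds[obj], self.seen[subject])
        else:
            raise ValueError(f"unknown operation: {op}")
        return allowed

    def leaks(self):
        """Objects now holding information above their own classification."""
        return sorted(o for o, lvl in self.holds.items() if lvl > self.objects[o])

# Constructed sample data based on the text's examples (Joe: Secret, Sally: Top Secret).
SUBJECTS = {"joe": Level.SECRET, "sally": Level.TOP_SECRET}
OBJECTS = {"war_plan": Level.TOP_SECRET, "memo": Level.SECRET}
TRACE = [("joe", "read", "war_plan"), ("sally", "read", "war_plan"),
         ("sally", "write", "memo"), ("joe", "read", "memo"), ("joe", "write", "war_plan")]

def run(enforce_star):
    rm = ReferenceMonitor(SUBJECTS, OBJECTS, enforce_star)
    decisions = [rm.request(*step) for step in TRACE]
    return decisions, rm.leaks(), rm.seen["joe"]
```

With both rules enforced, `run(True)` denies Joe's read of `war_plan` and Sally's write to `memo`, and no object ends up above its classification. With the * property switched off, `run(False)` shows `memo` holding Top Secret information that Joe can then read without ever violating no read up.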