CBK#6 Security Architecture & Models - Page 5


Continued … Bell-LaPadula model:
Is an information flow security model, which means that information does not flow to an object of lesser or noncomparable classification.
Two main rules:
- The simple security rule - A subject at a given security level cannot read data that resides at a higher security level. This is referred to as the "no read up" rule.
- *-property - States that a subject at a given security level cannot write information to a lower security level. This is referred to as the "no write down" rule.
Defines a secure state as a secure computing environment and the allowed actions which are security-preserving operations.
Basic Security Theorem - If a system initializes in a secure state and all state transitions are secure, then every subsequent state will be secure no matter what inputs occur.
The model provides confidentiality and does not address the integrity of the data the system maintains.

Biba model:
Is an information flow model, concerned about data flowing from one security level to another.
Uses a state machine model.
Addresses the integrity of data, which is threatened when a subject can read data at lower levels.
Prevents data from any integrity level from flowing to a higher integrity level.
Two main rules:
- "No write up" - A subject cannot write data to an object at a higher integrity level.
- "No read down" - A subject cannot read data from a lower integrity level.
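
The Bell-LaPadula and Biba rules above can be written as access checks over one label ordering. The following is an added example, not part of the original summary; the level names, the category sets (used to model "noncomparable" classifications) and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed level ordering; the summary does not name specific levels.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()  # assumed compartments, e.g. {"nato"}

    def dominates(self, other):
        """True if self is at or above other: level >= and categories a superset."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

def blp_allows(subject, obj, op):
    """Bell-LaPadula: confidentiality."""
    if op == "read":    # simple security rule: no read up
        return subject.dominates(obj)
    if op == "write":   # *-property: no write down
        return obj.dominates(subject)
    raise ValueError(f"unknown operation: {op}")

def biba_allows(subject, obj, op):
    """Biba: integrity, the mirror image of Bell-LaPadula."""
    if op == "read":    # no read down
        return obj.dominates(subject)
    if op == "write":   # no write up
        return subject.dominates(obj)
    raise ValueError(f"unknown operation: {op}")

def decide(subject, requests):
    """Evaluate (object, op) requests under both models for one subject."""
    return [(op, obj.level, blp_allows(subject, obj, op),
             biba_allows(subject, obj, op)) for obj, op in requests]

# Constructed sample labels and requests.
ANALYST = Label("secret", frozenset({"nato"}))
TOP = Label("top_secret", frozenset({"nato", "crypto"}))
LOW = Label("confidential")
PEER = Label("secret", frozenset({"crypto"}))  # noncomparable with ANALYST

if __name__ == "__main__":
    reqs = [(TOP, "read"), (TOP, "write"), (LOW, "read"),
            (LOW, "write"), (PEER, "read"), (PEER, "write")]
    for op, level, blp, biba in decide(ANALYST, reqs):
        print(f"{op:5} {level:12} BLP={blp!s:5} Biba={biba}")
```

Labels that are noncomparable (same level, different categories) are denied for both reads and writes under both models, because neither label dominates the other.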

Clark-Wilson model:
Protects the integrity of information by focusing on preventing authorized users from making unauthorized modifications of data, fraud, and errors within commercial applications.
Users cannot access and manipulate objects directly, but must access the object through a program.
Also uses separation of duties, which divides an operation into different parts and requires different users to perform each part. This prevents authorized users from making unauthorized modifications to data, which again protects its integrity.
Auditing is also required to track the information coming in from the outside of the system.

Information flow model:
Can deal with any kind of information flow, not only the direction of the flow.
Looks at insecure informational flow that can happen at the same level and between objects along with the flow between different levels.
A system is secure if there is no illegal information flow permitted.

Noninterference model:
Ensures that any actions that take place at a higher security level do not affect, or interfere with, actions that take place at a lower level.


CISSP Summary 2002

Contact:

E-mail: john.wallhoff@mailbox.swipnet.se
Written by: J.Wallhoff January - April 2002
Updated by: J.Wallhoff April 2002