Security Models

A security model defines essential aspects of security and their relationship with the operating system and its performance

Bell-LaPadula (BLP) security model

This model is a way to provide confidentiality to a system

Simple security property
  • States that a subject at a given security level may not read an object at a higher security level (NO READ UP)
* security property
  • States that a subject at a given security level may not write to any object at a lower security level (NO WRITE DOWN)
Strong * security property
  • States that a subject at a given security level may only write to objects with a matching security level
Discretionary security property
  • Uses an access matrix to specify the discretionary access control

Biba integrity model

This model describes a set of access control rules designed to ensure data integrity by grouping objects and subjects into ordered levels of integrity

Simple integrity property
  • States that a subject at a given level of integrity must not read data at a lower integrity level (NO READ DOWN)
* integrity property
  • States that a subject at a given level of integrity must not write to data at a higher integrity level (NO WRITE-UP)
Invocation property
  • States that a process from below cannot request higher access; it can only invoke subjects at an equal or lower integrity level
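The BLP and Biba rules listed above can be combined into a single reference-monitor check. The sketch below is an added example, not part of the original notes; the `Label` class, the numeric levels, the subject and object names, and the sample access matrix are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Label:
    conf: int    # confidentiality level used by BLP (higher = more sensitive)
    integ: int   # integrity level used by Biba (higher = more trustworthy)

def blp_allows(subj, obj, op, strong_star=False):
    if op == "read":                    # simple security property: no read up
        return subj.conf >= obj.conf
    if op == "write" and strong_star:   # strong * property: matching level only
        return subj.conf == obj.conf
    if op == "write":                   # * property: no write down
        return subj.conf <= obj.conf
    return False

def biba_allows(subj, obj, op):
    if op == "read":                    # simple integrity property: no read down
        return subj.integ <= obj.integ
    if op in ("write", "invoke"):       # no write up; invoke only equal or lower
        return subj.integ >= obj.integ
    return False

def mediate(matrix, labels, subject, target, op, strong_star=False):
    """Return (allowed, deciding_rule) for one access request."""
    if op not in matrix.get((subject, target), set()):
        return False, "DAC"             # discretionary property: access matrix
    s, t = labels[subject], labels[target]
    # The BLP rules in these notes cover only read and write.
    if op in ("read", "write") and not blp_allows(s, t, op, strong_star):
        return False, "BLP"
    if not biba_allows(s, t, op):
        return False, "Biba"
    return True, "ok"

# Constructed sample labels and access matrix (assumptions, not from the notes).
LABELS = {"analyst": Label(2, 1), "audit_log": Label(2, 2),
          "press_release": Label(0, 1), "war_plan": Label(3, 2)}
MATRIX = {("analyst", "audit_log"): {"read", "write"},
          ("analyst", "press_release"): {"read", "write"},
          ("analyst", "war_plan"): {"read"}}

if __name__ == "__main__":
    for target in ("audit_log", "press_release", "war_plan"):
        for op in ("read", "write"):
            print(target, op, mediate(MATRIX, LABELS, "analyst", target, op))
```

Each denial names the rule that decided it, so the output shows which requests the access matrix blocks and which are stopped only by a mandatory rule.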

Lipner's model

This model combines the elements of the BLP and Biba models to provide confidentiality and integrity to the system

It uses three principles to ensure a system's confidentiality and integrity

Separation of duty
  • Requiring at least two different people to perform the steps if two or more steps are required to perform the duty
Separation of function
  • Isolating the assets of an organization from each other based on function
Auditing
  • Analyzing systems to determine what actions took place and who performed them

Clark-Wilson integrity model

This model, based on the notion of a transaction, provides a foundation for specifying and analyzing an integrity policy for a computing system

A well-formed transaction is a series of operations that transition a system from one consistent state to another consistent state

The integrity policy in this model addresses the integrity of the transactions

The principle of separation of duty requires that the certifier of a transaction and the implementer be different entities

Chinese Wall model

This security model concentrates on confidentiality and helps prevent conflicts of interest between different businesses and organizations