Unlock the Power of FortiGate Mastery with Our Latest Release Fortinet Certified Associate – FortiGate Operator Course. Enroll Now!
Introduction The demand for scalable, reliable, and secure cloud services has never been higher in today’s digital landscape. AWS Global Infrastructure is a beacon of
Introduction The way we manage container orchestration has been entirely transformed by Kubernetes, which has made application deployment, scaling, and management much more accessible. It’s
Introduction In the ever-evolving landscape of cloud computing, two prominent paradigms have emerged to revolutionize the way applications are deployed and managed: Function as a
Table of Contents
A security model in an information system are the set of procedures to evaluate and authenticate security policies in order to map the intellectual goals of the policy to an information system by specifying explicit data structures and techniques necessary to implement the security policy. A security model is usually represented in mathematics and analytical ideas, which are mapped to system specifications and then developed by programmers through programming code. Several security models have been developed to enforce security policies. The following section provides fundamental concepts of security models which must be familiar with it as a CISSP candidate.
The Bell-LaPadula model works with a multilevel security system. In this system, a user uses it with different approvals, and then it processes the data at different classification levels. The Bell-LaPadula model was the first mathematical model, and it was developed in the 1970s to prevent secret information from being accessed in an unauthorized manner.
Three main rules are used and enforced in the Bell-LaPadula model:
It states that a subject at a given security level cannot read data that resides at a higher security level.
It states that a subject at a given security level cannot write information to a lower security level.
It states that a subject who has read and write capabilities can only perform both of the functions at the same security level; nothing higher and nothing lower.
So, for a subject to be able to read and write to an object, the subject’s approval and the object classification must be equal.
The Biba model is a security model that addresses the integrity of data within a system. It is not concerned with security levels and confidentiality. The Biba model uses integrity levels to prevent data at any integrity level from flowing to a higher integrity level.
Biba has three main rules to provide this type of protection:
The subject cannot write data to an object at a higher integrity level.
The subject cannot read data from a lower integrity level.
The subject cannot invoke service at higher integrity.
The Clark-Wilson model was developed after Biba and has different methods of protecting the integrity of information.
This model uses the following elements:
The non-interference model ensures that data at different security domains does not interfere with each other. By implementing this model, the organization can be assured that covert channel communication does not occur because the information cannot cross security boundaries. Each data access attempt is independent and has no connection with any other data access attempt. A covert channel is a policy-violating communication that is hidden from the owner or users of a data system.
The Brewer and Nash models are also known as the Chinese Wall model. It states that a subject can write to an object if, and only if, the subject cannot read another object that is in a different dataset. It was created to provide access controls that can change dynamically depending upon a user’s previous actions. The main goal of this model is to protect against conflicts of interest by users’ access attempts.
The Graham-Denning Model is based on three parts: objects, subjects, and rules. It provides a more granular approach for interaction between subjects and objects.
There are eight rules:
The Harrison-Ruzzo-Ullman (HRU) Model maps subjects, objects, and access rights to an access matrix. It is considered as a variation to the Graham-Denning Model.
HRU has six primitive operations:
Additionally, HRU’s operations differ from Graham-Denning because it considers subject as a object.
In an information security environment, Security model is a collection of methods and techniques to authenticate security policies of an enterprise. Security Model provides precise controls to enforce the fundamental security concepts and monitors the processes. Considering the need of a security model, an organization can apply existing security models, or make explicit changes in it to create new customized model based on their particular requirements. These models can be abstract or intuitive.
© 2022 All rights reserved | Privacy Policy | Terms and Conditions | Sitemap
