Which are valid policy rules in the context of Bell
Improve Article Show
Save Article These models are used for maintaining goals of security, i.e. Confidentiality, Integrity, and Availability. In simple words, it deals with CIA Triad maintenance. There are 3 main types of Classic Security Models.
1. Bell-LaPadulaThis Model was invented by Scientists David Elliot Bell and Leonard .J. LaPadula.Thus this model is called the Bell-LaPadula Model. This is used to maintain the Confidentiality of Security. Here, the classification of Subjects(Users) and Objects(Files) are organized in a non-discretionary fashion, with respect to different layers of secrecy. It has mainly 3 Rules:
2. BibaThis Model was invented by Scientist Kenneth .J. Biba. Thus this model is called Biba Model. This is used to maintain the Integrity of Security. Here, the classification of Subjects(Users) and Objects(Files) are organized in a non-discretionary fashion, with respect to different layers of secrecy. This works the exact reverse of the Bell-LaPadula Model. It has mainly 3 Rules:
3. Clarke Wilson Security ModelThis Model is a highly secured model. It has the following entities.
The Components of Clarke Wilson Security Model
This chapter is from the book Security ModelsSecurity models of control are used to determine how security will be implemented, what subjects can access the system, and what objects they will have access to. Simply stated, they are a way to formalize security policy. Security models of control are typically implemented by enforcing integrity, confidentiality, or other controls. Keep in mind that each of these models lays out broad guidelines and is not specific in nature. It is up to the developer to decide how these models will be used and integrated into specific designs, as shown in Figure 5.5. Figure 5.5. How security models are used in the design of an OS. The sections that follow discuss the different security models of control in greater detail. The first three models discussed are considered lower-level models. State Machine ModelThe state machine model is based on a finite state machine, as shown in Figure 5.6. State machines are used to model complex systems and deals with acceptors, recognizers, state variables, and transaction functions. The state machine defines the behavior of a finite number of states, the transitions between those states, and actions that can occur. The most common representation of a state machine is through a state machine table. For example, as Table 5.3 illustrates, if the state machine is at the current state of (B) and condition (2), the next state would be (C). Table 5.3. State Machine Table
A state machine model monitors the status of the system to prevent it from slipping into an insecure state. Systems that support the state machine model must have all their possible states examined to verify that all processes are controlled. The state machine concept serves as the basis of many security models. The model is valued for knowing in what state the system will reside. As an example, if the system boots up in a secure state, and every transaction that occurs is secure, it must always be in a secure state and not fail open. Information Flow ModelThe Information Flow model is an extension of the state machine concept and serves as the basis of design for both the Biba and Bell-LaPadula models, which are discussed in the sections that follow. The Information Flow model consists of objects, state transitions, and lattice (flow policy) states. The real goal of the information flow model is to prevent unauthorized, insecure information flow in any direction. This model and others can make use of guards. Guards allow the exchange of data between various systems. Noninterference ModelThe Noninterference model as defined by Goguen and Meseguer was designed to make sure that objects and subjects of different levels don’t interfere with the objects and subjects of other levels. The model uses inputs and outputs of either low or high sensitivity. Each data access attempt is independent of all others and data cannot cross security boundaries. ConfidentialityAlthough the preceding models serve as a basis for many security models that were developed later, one major concern is confidentiality. Government entities such as the DoD are concerned about the confidentiality of information. The DoD divides information into categories to ease the burden of managing who has access to what levels of information. DoD information classifications are sensitive but unclassified (BU), confidential, secret, and top secret. One of the first models to address the needs of the DoD was the Bell-LaPadula model. Bell-LaPadulaThe Bell-LaPadula state machine model enforces confidentiality. The Bell-LaPadula model uses mandatory access control to enforce the DoD multilevel security policy. For a subject to access information, he must have a clear need to know and meet or exceed the information’s classification level. The Bell-LaPadula model is defined by the following properties:
Although the Bell-LaPadula model did go a long way in defining the operation of secure systems, the model is not perfect. It did not address security issues such as covert channels. It was designed in an era when mainframes were the dominant platform. It was designed for multilevel security and takes only confidentiality into account. IntegrityIntegrity is a good thing. It is one of the basic elements of the security triad along with confidentiality and availability. Integrity plays an important role in security because it can verify that unauthorized users are not modifying data, authorized users don’t make unauthorized changes, and that databases balance and data remains internally and externally consistent. Although governmental entities are typically very concerned with confidentiality, other organizations might be more focused on the integrity of information. In general, integrity has four goals:
Two security models that address secure systems for the aspect of integrity include Biba and Clark-Wilson. Both of these models are addressed next. BibaThe Biba model was the first model developed to address the concerns of integrity. Originally published in 1977, this lattice-based model has the following defining properties:
Biba addresses only the first goal of integrity—protecting the system for access by unauthorized users. Availability and confidentiality are not examined. It also assumes that internal threats are being protected by good coding practices, and therefore focuses on external threats. Clark-WilsonThe Clark-Wilson model was created in 1987. It differs from previous models because it was developed with the intention to be used for commercial activities. This model addresses all the goals of integrity. Clark Wilson dictates that the separation of duties must be enforced, subjects must access data through an application, and auditing is required. Some terms associated with Clark Wilson include
Clark-Wilson features an access control triple. The access control triple is composed of the user, transformational procedure, and the constrained data item. It was designed to protect integrity and prevent fraud. Authorized users cannot change data in an inappropriate way. It also differs from the Biba model in that subjects are restricted. This means a subject at one level of access can read one set of data, whereas a subject at another level of access has access to a different set of data. Clark-Wilson controls the way in which subjects access objects so that the internal consistency of the system can be ensured and that data can be manipulated only in ways that protect consistency. Integrity verification procedures (IVPs) ensure that a data item is in a valid state. Data cannot be tampered with while being changed and the integrity of the data must be consistent. Clark-Wilson requires that all changes must be logged. Clark-Wilson is made up of transformation procedures (TP). Constrained data items (CDI) are data for which integrity must be preserved. Items not covered under the model are considered unconstrained data items (UDIs). Take-Grant ModelThe Take-Grant model is another confidentiality-based model that supports four basic operations: take, grant, create, and revoke. This model allows subjects with the take right to remove take rights from other subjects. Subjects possessing the grant right can grant this right to other subjects. The create and revoke operations work in the same manner: Someone with the create right can give the create right to others and those with the revoke right can remove that right from others. Brewer and Nash ModelThe Brewer and Nash model is similar to the Bell-LaPadula model and is also called the Chinese Wall model. It was developed to prevent conflict of interest (COI) problems. As an example, imagine that your security firm does security work for many large firms. If one of your employees could access information about all the firms that your company has worked for, he might be able to use this data in an unauthorized way. Therefore, the Chinese Wall model is more context oriented in that it prevents a worker consulting for one firm from accessing data belonging to another, thereby preventing any COI. Other ModelsA security model defines and describes what protection mechanisms are to be used and what these controls are designed to achieve. Although the previous section covered some of the more heavily tested models, you should have a basic understanding of a few more. These security models include
Which are valid policy rules in the context of Bell La Padula?Which are valid policy rules in the context of Bell La Padula? A secret process reading a top secret document. A top secret process writing information to a secret file. A secret process reading a file in an unclassified folder.
Which of the following is a type of cyber attack?The different types of cyber-attacks are malware attack, password attack, phishing attack, and SQL injection attack.
What is the best definition of a security model?A security model is a computer model which can be used to identify and impose security policies. It does not need some prior formation it can be founded on the access right model or analysing computing model or computation model. A security model is a structure in which a security policy is developed.
Which confidentiality based model supports operations take Grant create and revoke?The Take-Grant model is another confidentiality-based model that supports four basic operations: take, grant, create, and revoke. This model allows subjects with the take right to remove take rights from other subjects. Subjects possessing the grant right can grant this right to other subjects.
|