Which of the following is one of the three primary rules in a Biba formal model?

Security models of control are used to determine how security will be implemented, what subjects can access the system, and what objects they will have access to. Simply stated, they are a way to formalize security policy. Security models of control are typically implemented by enforcing integrity or confidentiality.

Integrity

Integrity is a good thing. It is one of the basic elements of the security triad, along with confidentiality and availability. Integrity plays an important role in security because it can verify that unauthorized users are not modifying data, that authorized users don’t make unauthorized changes, and that data remains internally and externally consistent. Two security models of control that address integrity include Biba and Clark-Wilson.

Biba

The Biba model was the first model developed to address the concerns of integrity. Originally published in 1977, this lattice-based model has two defining properties:

  • Simple Integrity Property: This property states that a subject at one level of integrity is not permitted to read an object of lower integrity.
  • Star * Integrity Property: This property states that a subject at one level of integrity is not permitted to write to an object of higher integrity.

Biba addresses integrity only, not availability or confidentiality. It also assumes that internal threats are addressed by good coding practices and, therefore, focuses on external threats.

Remember that the Biba model deals with integrity. As such, writing to an object of a higher level might endanger the integrity of the system.

Clark-Wilson

The Clark-Wilson model was created in 1987. It differs from previous models because it was developed with the intention to be used for commercial activities. This model dictates that the separation of duties must be enforced, subjects must access data through an application, and auditing is required. It also differs from the Biba model in that subjects are restricted. This means a subject at one level of access can read one set of data, whereas a subject at another level of access has access to a different set of data.

Confidentiality

Although integrity is an important concept, confidentiality was actually the first to be addressed in a formal model. This is because the Department of Defense (DoD) was concerned about the confidentiality of information. The DoD divides information into categories, to ease the burden of managing who has access to what levels of information. DoD information classifications include confidential, secret, and top secret.

Bell-LaPadula

The Bell-LaPadula model was actually the first formal model developed to protect confidentiality. This is a state machine that enforces confidentiality. A state machine is a conceptual model that monitors the status of the system to prevent it from slipping into an insecure state. Systems that support the state machine model must have all their possible states examined to verify that all processes are controlled. The Bell-LaPadula model uses mandatory access control to enforce the DoD multilevel security policy. For a subject to access information, he must have a clear “need to know” and meet or exceed the information’s classification level.

The Bell-LaPadula model is defined by the two following properties:

  • Simple Security Property (ss Property): This property states that a subject at one level of confidentiality is not allowed to read information at a higher level of confidentiality. This is sometimes referred to as “no read up.”
  • Star * Security Property: This property states that a subject at one level of confidentiality is not allowed to write information to a lower level of confidentiality. This is also known as “no write down.”

Review the Bell-LaPadula Simple Security and Star * Security properties closely; they are easy to confuse with Biba's two defining properties.

Know that the Bell-LaPadula model deals with confidentiality. As such, reading information at a higher level than what is allowed would endanger confidentiality.
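The two Biba properties and the two Bell-LaPadula properties side by side, as an added example that is not part of the original page. It models only the level comparison (not Bell-LaPadula's "need to know"), and the integrity labels are constructed for illustration; `is_dual` goes one step beyond the text by checking that Biba is Bell-LaPadula with the ordering inverted.

```python
from enum import IntEnum
from itertools import product

class Conf(IntEnum):           # DoD classifications named on this page
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

class Integ(IntEnum):          # constructed integrity labels (assumption)
    UNTRUSTED = 1
    USER = 2
    SYSTEM = 3

def blp_allows(op, subject, obj):
    """Bell-LaPadula: protects confidentiality."""
    if op == "read":
        return subject >= obj      # Simple Security Property: no read up
    if op == "write":
        return subject <= obj      # Star Security Property: no write down
    raise ValueError(f"unknown operation: {op}")

def biba_allows(op, subject, obj):
    """Biba: protects integrity."""
    if op == "read":
        return subject <= obj      # Simple Integrity Property: no read down
    if op == "write":
        return subject >= obj      # Star Integrity Property: no write up
    raise ValueError(f"unknown operation: {op}")

def denied(check, labels):
    """List every (operation, subject, object) combination a model refuses."""
    return [(op, s.name, o.name)
            for op, s, o in product(("read", "write"), labels, labels)
            if not check(op, s, o)]

def is_dual(levels=range(1, 4)):
    """True if swapping subject and object levels turns one check into the other."""
    return all(biba_allows(op, s, o) == blp_allows(op, o, s)
               for op, s, o in product(("read", "write"), levels, levels))

if __name__ == "__main__":
    for name, check, labels in (("Bell-LaPadula", blp_allows, Conf),
                                ("Biba", biba_allows, Integ)):
        print(f"{name} denies:")
        for row in denied(check, labels):
            print("  ", row)
    print("Biba is the dual of Bell-LaPadula:", is_dual())
```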

Take-Grant Model

The Take-Grant model is another confidentiality-based model that supports four basic operations: take, grant, create, and revoke. This model allows subjects with the take right to remove take rights from other subjects. Subjects possessing the grant right can grant this right to other subjects. The create and revoke operations work in the same manner: Someone with the create right can give the create right to others, and those with the revoke right can remove that right from others.

Brewer and Nash Model

The Brewer and Nash model is similar to the Bell-LaPadula model and is also called the Chinese Wall model. It was developed to prevent conflict of interest (COI) problems. As an example, imagine that your security firm does security work for many large firms. If one of your employees could access information about all the firms that your company has worked for, he might be able to use this data in an unauthorized way. Therefore, the Chinese Wall model would prevent a worker consulting for one firm from accessing data belonging to another, thereby preventing any COI.
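The conflict-of-interest check described above, as an added example that is not part of the original page. It implements a simplified history-based rule: the firm names, conflict classes and request list are constructed, and the class and function names are hypothetical.

```python
# Constructed sample data: which client firms compete with each other.
COI_CLASSES = {
    "banks": {"BankA", "BankB"},
    "energy": {"OilCo", "GasCo"},
}

class ChineseWall:
    def __init__(self, conflict_classes):
        # firm dataset -> the conflict-of-interest class it belongs to
        self.coi_of = {firm: coi
                       for coi, firms in conflict_classes.items()
                       for firm in firms}
        # subject -> {conflict class: firm already accessed in that class}
        self.history = {}

    def access(self, subject, firm):
        coi = self.coi_of.get(firm)
        if coi is None:
            return False                    # unlabelled data: deny by default
        seen = self.history.setdefault(subject, {})
        prior = seen.get(coi)
        if prior is not None and prior != firm:
            return False                    # already worked for a competitor
        seen[coi] = firm                    # the wall goes up on first access
        return True

def replay(wall, requests):
    """Apply requests in order and return the allow/deny decision for each."""
    return [wall.access(subject, firm) for subject, firm in requests]

# Constructed request sequence for two consultants.
REQUESTS = [
    ("alice", "BankA"),       # first access in "banks": allowed
    ("alice", "OilCo"),       # different conflict class: allowed
    ("alice", "BankB"),       # competitor of BankA: denied
    ("alice", "BankA"),       # same firm as before: allowed
    ("bob", "BankB"),         # bob has no history: allowed
    ("bob", "Unlabelled"),    # not in any class: denied
]

if __name__ == "__main__":
    for (subject, firm), ok in zip(REQUESTS, replay(ChineseWall(COI_CLASSES), REQUESTS)):
        print(f"{subject:6} -> {firm:10} {'ALLOW' if ok else 'DENY'}")
```

Unlike the level checks in Biba and Bell-LaPadula, the decision here depends on what the subject has accessed before, so the same request can be allowed for one consultant and denied for another.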

What are principles of the Biba Integrity Model?

The Biba model has two primary rules: the Simple Integrity Axiom and the * Integrity Axiom. Simple Integrity Axiom: “No read down”; a subject at a specific clearance level cannot read data at a lower classification. This prevents subjects from accessing information at a lower integrity level.

What is the primary goal of the Bell

The Bell-LaPadula model was originally developed for the Department of Defense. It is focused on maintaining the confidentiality of objects. Protecting confidentiality means not allowing users at a lower security level to access objects at a higher security level.

Which of the following does the Biba model address?

Explanation: The Biba model addresses the integrity of data, as opposed to Bell-LaPadula. Memory trick: biba ~= bible ~= integrity.

What are the two primary rules or principles of the Bell

The Bell–LaPadula Security Model: systems based on this model must enforce two properties: the simple security property, which prevents subjects from reading objects without authorization; and the star property, which prevents sensitive data from being written to insecure objects.