Introduction To Classic Security Models
Last Updated: 11 Jul, 2022
These models are used to maintain the goals of security, i.e. Confidentiality, Integrity, and Availability. In simple words, they deal with maintaining the CIA Triad. There are 3 main types of Classic Security Models:
- Bell-LaPadula
- Biba
- Clark-Wilson Security Model
1. Bell-LaPadula
This Model was invented by the scientists David Elliott Bell and Leonard J. LaPadula, and is therefore called the Bell-LaPadula Model. It is used to maintain Confidentiality. Here, Subjects (Users) and Objects (Files) are classified in a non-discretionary fashion, with respect to different layers of secrecy.
It has mainly 3 Rules:
- SIMPLE CONFIDENTIALITY RULE: The Subject can only Read files on the Same Layer of Secrecy and the Lower Layer of Secrecy, but not the Upper Layer of Secrecy. This rule is therefore called NO READ-UP.
- STAR CONFIDENTIALITY RULE: The Subject can only Write files on the Same Layer of Secrecy and the Upper Layer of Secrecy, but not the Lower Layer of Secrecy. This rule is therefore called NO WRITE-DOWN.
- STRONG STAR CONFIDENTIALITY RULE: This is the strongest and most secure rule. The Subject can Read and Write files on the Same Layer of Secrecy only, and not on the Upper Layer of Secrecy or the Lower Layer of Secrecy. This rule is therefore called NO READ WRITE UP DOWN.
2. Biba
This Model was invented by the scientist Kenneth J. Biba, and is therefore called the Biba Model. It is used to maintain Integrity. Here, Subjects (Users) and Objects (Files) are classified in a non-discretionary fashion, with respect to different layers of secrecy. It works as the exact reverse of the Bell-LaPadula Model.
It has mainly 3 Rules:
- SIMPLE INTEGRITY RULE: The Subject can only Read files on the Same Layer of Secrecy and the Upper Layer of Secrecy, but not the Lower Layer of Secrecy. This rule is therefore called NO READ DOWN.
- STAR INTEGRITY RULE: The Subject can only Write files on the Same Layer of Secrecy and the Lower Layer of Secrecy, but not the Upper Layer of Secrecy. This rule is therefore called NO WRITE-UP.
- STRONG STAR INTEGRITY RULE
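The Bell-LaPadula and Biba read/write rules above can be written as a small access-decision function. This is an added example, not code from the original article; the four-layer hierarchy and the function names are assumptions made for illustration, and layers are modeled as ordered integers.

```python
from enum import IntEnum

class Layer(IntEnum):
    """Constructed four-layer hierarchy; a larger value is an upper layer."""
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

def blp_allows(subject, obj, op, strong=False):
    """Bell-LaPadula decision for op in {"read", "write"}."""
    if op not in ("read", "write"):
        raise ValueError(f"unknown operation: {op!r}")
    if strong:                      # strong star rule: same layer only
        return subject == obj
    if op == "read":                # simple rule: no read-up
        return subject >= obj
    return subject <= obj           # star rule: no write-down

def biba_allows(subject, obj, op):
    """Biba decision: the two Bell-LaPadula comparisons, reversed."""
    if op not in ("read", "write"):
        raise ValueError(f"unknown operation: {op!r}")
    if op == "read":                # simple rule: no read-down
        return subject <= obj
    return subject >= obj           # star rule: no write-up

def decision_table(check, subject):
    """Map (operation, object layer name) -> allowed, for one subject."""
    return {(op, obj.name): check(subject, obj, op)
            for op in ("read", "write") for obj in Layer}

def leak_blocked(subject, source, sink):
    """True if Bell-LaPadula stops the subject copying source into sink."""
    return not (blp_allows(subject, source, "read")
                and blp_allows(subject, sink, "write"))

if __name__ == "__main__":
    for name, check in (("Bell-LaPadula", blp_allows), ("Biba", biba_allows)):
        print(name, "decisions for a SECRET subject")
        for (op, obj), ok in decision_table(check, Layer.SECRET).items():
            print(f"  {op:5} {obj:12} {'allow' if ok else 'deny'}")
```

Enforcing both models at once leaves only same-layer access, which is what the strong star rule describes.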
3. Clark-Wilson Security Model
This Model is a highly secured model. It has the following entities.

- SUBJECT: Any user who requests Data Items.
- CONSTRAINED DATA ITEMS: These cannot be accessed directly by the Subject. They must be accessed via the Clark-Wilson Security Model.
- UNCONSTRAINED DATA ITEMS: These can be accessed directly by the Subject.
The Components of the Clark-Wilson Security Model:
- TRANSFORMATION PROCESS: The Subject's request to access the Constrained Data Items is handled by the Transformation Process, which converts it into permissions and then forwards it to the Integration Verification Process.
- INTEGRATION VERIFICATION PROCESS: The Integration Verification Process performs Authentication and Authorization. If that is successful, the Subject is given access to the Constrained Data Items.
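The request flow described above, as an added example that is not part of the original article: a Subject reaches a Constrained Data Item only through a transformation, and only after authentication and authorization succeed. All subjects, tokens, item names and function names are hypothetical and constructed for illustration.

```python
import hmac

# Constructed sample data; every name and token here is hypothetical.
CREDENTIALS = {"alice": "tok-a", "bob": "tok-b"}
CDI = {"ledger": 100}        # constrained: changed only via a transformation
UDI = {"notes": "draft"}     # unconstrained: the Subject may access directly
# Permissions: which Subject may run which transformation on which item.
ALLOWED = {("alice", "deposit", "ledger")}

def deposit(balance, amount):
    """A transformation that keeps the ledger in a valid state."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    return balance + amount

TRANSFORMATIONS = {"deposit": deposit}

def verify(subject, token, permission):
    """Authentication (token check) followed by authorization."""
    expected = CREDENTIALS.get(subject)
    authenticated = (expected is not None
                     and hmac.compare_digest(expected, token))
    return authenticated and permission in ALLOWED

def request(subject, token, action, item, *args):
    """Turn a request into a permission, verify it, then run the change."""
    if item not in CDI or action not in TRANSFORMATIONS:
        raise KeyError(f"no such transformation or item: {action}/{item}")
    permission = (subject, action, item)
    if not verify(subject, token, permission):
        raise PermissionError(f"denied: {permission}")
    CDI[item] = TRANSFORMATIONS[action](CDI[item], *args)
    return CDI[item]

def read_udi(name):
    """Unconstrained items need no mediation."""
    return UDI[name]

if __name__ == "__main__":
    print(request("alice", "tok-a", "deposit", "ledger", 25))
    try:
        request("bob", "tok-b", "deposit", "ledger", 25)
    except PermissionError as exc:
        print(exc)
```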