Understand the Fundamental Concepts of Security Models

Security models enable people to access only the data classified for their clearance level. There are many models. We will cover Bell-LaPadula and Biba, both of which use mathematical formulas. You don’t need to know the formulas or other details, but you should be familiar with the models and their pros and cons.

  • Bell-LaPadula. This model was established in 1973 for the United States Air Force. It focuses on confidentiality. The goal is to ensure that information is exposed only to those with the right level of classification. For example, if you have a Secret clearance, you can read data classified as Secret, but not Top Secret data. The model has two rules: “no read up” (users with a lower clearance cannot read data classified at a higher level) and “no write down” (users with a clearance higher than the data cannot modify that data). Notice that Bell-LaPadula doesn’t address “write up,” which could enable a user with a lower clearance to write to data classified at a higher level. To address this gap, the model is often enhanced with other models that focus on integrity. Another downside is that it doesn’t account for covert channels. A covert channel is a way of secretly sending data across an existing connection. For example, you can send a single letter inside the Identification field of the IP header. Sending a large message this way is slow, but such communication often isn’t monitored or caught.
  • Biba. Released in 1977, this model was created to supplement Bell-LaPadula. Its focus is on integrity. The methodology is “no read down” (for example, users with a Top Secret clearance can’t read data classified as Secret) and “no write up” (for example, a user with a Secret clearance can’t write data to files classified as Top Secret). By combining it with Bell-LaPadula, you get both confidentiality and integrity.
    There are other models; for example, the Clark-Wilson model also focuses on integrity.
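
The read and write rules of both models, written as a small access check so the allowed combinations can be compared side by side. This is an added example, not code from the original article; the four-level ordering, the function names, and the use of one label ordering for both confidentiality and integrity are assumptions made for the illustration.

```python
from enum import IntEnum

class Level(IntEnum):
    # Constructed ordering; the article itself only names Secret and Top Secret.
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

def blp_allows(subject, obj, op):
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    if op == "read":
        return subject >= obj      # reading a higher level is denied
    if op == "write":
        return subject <= obj      # writing lower is denied; write up is not blocked
    raise ValueError(f"unknown operation: {op}")

def biba_allows(subject, obj, op):
    """Biba (integrity): no read down, no write up."""
    if op == "read":
        return subject <= obj      # reading a lower level is denied
    if op == "write":
        return subject >= obj      # writing to a higher level is denied
    raise ValueError(f"unknown operation: {op}")

def combined_allows(subject, obj, op):
    """Both models enforced on the same label (assumption of this example)."""
    return blp_allows(subject, obj, op) and biba_allows(subject, obj, op)

def allowed_pairs(model, op):
    """Every (subject, object) level pair the model permits for op."""
    return {(s, o) for s in Level for o in Level if model(s, o, op)}

def render(model, op):
    """Text matrix: rows are subject levels, columns are object levels."""
    lines = [f"{model.__name__} / {op} (rows: subject, columns: object)"]
    for s in Level:
        cells = " ".join("Y" if model(s, o, op) else "." for o in Level)
        lines.append(f"  {s.name:<13}{cells}")
    return "\n".join(lines)

if __name__ == "__main__":
    for model in (blp_allows, biba_allows, combined_allows):
        for op in ("read", "write"):
            print(render(model, op), end="\n\n")
```

With a single shared ordering, the combined check permits a read or write only when the subject and object levels are equal; giving subjects and objects separate confidentiality and integrity labels avoids that restriction.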

6 thoughts on “Understand the Fundamental Concepts of Security Models”

  1. Thank you for some other wonderful article. The place
    else may anybody get that type of info in such an ideal method of writing?
    I’ve a presentation subsequent week, and I’m on the look for such information.
