Security models

A security model specifically defines essential aspects of security and their relationship with the
operating system performance. No organization can secure their sensitive information or data
without having effective and efficient security models. We can say that the primary aim of a
security model is to provide the required level of understanding for a successful and effectual
implementation of key protection requirements. Information security models are the procedures
used to validate security policies as they are projected to deliver a precise set of directions that a
computer can follow to implement the vital security processes, procedures and, concepts
contained in a security program. These models can be intuitive or abstractive. Security models
run the directions of the road for security in operating systems.

There are some security models that are most currently using for to explain the guidelines and
rules that direct confidentiality, protection, and integrity of the information. The key reason and
focus on the security model implementation are confidentiality over and done with access
controls and Information integrity. With the help of these security models that are the main
components that should be given attention to when developing information security policies and
systems. These models talk about the access rules required to instantiate the defined policy and
highlight the objects that are directed by the company’s policy.

Here some of the important models we are discussing below to understand the functions and
importance of Information Security models in the current business world. Five popular and
valuable models are as follows;

 Bell-LaPadula Model
 Biba Model
 Clark Wilson Model
 Brewer and Nash Model
 Harrison Ruzzo Ullman Model

Bell-LaPadula Model

The model of Bell-LaPadula is originally the development of the US Department of Defense

(DoD). This model is the initial mathematical model of a multilevel security policy that explains
the concept of a secure state and compulsory methods of access. It makes sure that data only
flows in a way that does not disturb the system policy and is confidentiality focused.

Bell-LaPadula has some rules and properties that are defining below:

 Simple Security Property: “Certainly not read up”; a subject at a particular clearance
level that cannot be read an object at an upper classification level. For example, Subjects
that have a Secret clearance cannot be reached to the Top Secret objects.
 

 Security Property: “do not write down”; this is a subject at a higher level of clearance that
cannot be written to a lower classification level. For example, Subjects that are logged
into an Upper-class Secret system cannot direct emails to a Secret system.

 Strong Tranquility Property: Safety labels will not change while the system is
functioning.

 Weak Tranquility Property: Safety labels will not change in a way that conflicts with
well-defined properties of security.

Some problems that are related to Bell-LaPadula implementations are because of the reason that
users can certainly not communicate with low users. On one side when BLP model addresses
confidentiality it fails to address covert channels or access control on the other side. Also,
anybody can make a higher classification object which is also a problem. Initially, Bell-LaPadula
model was to complete DOD necessities for InfoSec, the military is presently aiming and
achieving the goals with the practice of providing discrete segregation and access control.

Clark Wilson Model

The Clark Wilson Model is dealing with two kinds of objects and we called one is CDIs and
UDIs i.e. constrained data items and unconstrained data items. It also has two types of relations,
the first one is IVP which means the Integrity verification procedure and the second one is TP i.e.
transaction procedure. The IVP’s work is to ensure that TPs causing CDIs are in a right state, and
valid transformation certifies for all TPs. Here, only TPs that are Oly authorized can control
CDIs. In other words, to protect the integrity of information and to ensure correctly formatted
transactions, this integrity model should be well implemented.

Biba Model

Biba Model is a bit like BLP while it does not emphasis on confidentiality, the main focus of
Biba model is on the integrity and it is often used for integrity where confidentiality is more
important. We can look at it simply to reverse BLP’s implementation. Confidentiality is the
concerned of many governments primarily, but most businesses want to ensure that the integrity
of the security of data is secured at the highest level. Biba is the sample of choice when integrity
security is vital.

The two primary rules of Biba Model are Simple Integrity Axiom and Integrity Axiom;

 Simple Integrity Axiom: (No read down) a subject at a clearance level cannot read the
information at a lower classification. This helps subjects from accessing important data at
a lower integrity level. This safeguards integrity by preventing bad information from
affecting up from lower integrity levels.

 Integrity Axiom: (No write up) a subject at a clearance level cannot write information to
a higher classification. This helps subjects from passing crucial information up to a
higher integrity level than clearance to change. This safeguards integrity by preventing
bad material from moving up to higher integrity levels.

Brewer and Nash Model

This model is also known as the Chinese wall model and it is used to avoid interest conflicts by
prohibiting an individual, such as consultant, from the log on to multiple COIs i.e. conflict of
interest categories. The change in access control policies depends on user behavior. It means
once a person accessing the information pertains to one side is not able to access the data of the
other side or data is not available for the same person.

Harrison Ruzzo Ullman Model

The Harrison Ruzzo Ullman model also considered as a BLP model add-on. The Bell-LaPadula
model has no system for changing access privileges or for the creation and deletion of subjects
and objects. The Harrison Ruzzo Ullman Model fixes these matters by authorizing the structure
for access rights allocation and in verifying compliance with the given policy stopping non-
authorized access. The Harrison Ruzzo Ullman Model can be implemented via an Access
Control or Capabilities List.

References:
 https://www.infosecacademy.io/blog/information-security-models/