Concept of security models

The security models are specifically defining the relationship of operating system performance with the information security models. The effective and efficient security models secure the sensitive and relevant information or data of the organizations. The security policy is verified by using the information security models. They deliver a precise set of directions to the computer to follow the implementation of vital security processes, procedures, and concepts contained in a security program. They define the security concern in information threads.


Security models are used to evaluate and authenticate the security policy to map the intellectual property of the information system. They are used to represent the mathematical and analytical ideas that are developed by programmers. These ideas are mapped with the system specifications through programming code.


These ideas maintain the goal of CIA property that is confidentiality, integrity, and availability. The CIA properties are elaborated in detail.

Confidentiality

Confidentiality refers to protecting the data from unauthorized access. Only legitimate users can access sensitive information. The main goal of confidentiality is to stop information from getting into the wrong hands. There are many ways to secure data confidentiality such as use of strong passwords, authentication, data encryption, segregation of data and so forth. Some common threats that exist are against the rules of confidentiality.

  • Encryption cracking.
  • Eavesdropping attack.
  • Malicious insiders.
  • Man-in-the-middle attack.

Integrity

Integrity is used to validate the information. It checks whether the information present is in correct format or not. It also validates information that is true and correct to its original purposes. Integrity ensures that the receiver's information is the same as the creator's information. The information can be edited only by the legal person to prevent unwanted modification. There are no rights provided to anyone to change or modify the data. In some cases, electromagnetic pulse (EMP) or server crashes are responsible to break the integrity.

So, integrity ensures the accuracy, trustworthiness, and validity of data throughout its life cycle. It holds value if it is truthful. There must be mechanisms to restore data in case of unintended changes. Some challenges that could affect the integrity of information are

  • Physical compromise to device.
  • Human error.

Data encryption and hashing are the mechanisms that are used to preserve integrity.

Availability

This implies that the network should be accessible to its users at all times. This holds true for both systems and data. To ensure network availability, network administrators should maintain hardware, perform regular upgrades, have a fail-over plan, and avoid bottlenecks. Attacks such as DoS or DDoS can make a network unusable as the network's resources are depleted. Companies and users who rely on the network as a business tool may suffer from a substantial impact. As a result, sufficient precautions should be taken to avoid such attacks.

Threat to information availability occurs due to many reasons such as:

  • Malicious Code.
  • Insufficient bandwidth.
  • DDOS (Distributed Denial of Service attack).

There are three main types of classic security models namely

  1. Bell-LaPadula model
  2. Biba model
  3. Clarke Wilson Security model

Bell-LaPadula model

This model was invented by David Elliot Bell and Leonard.J. LaPadula and therefore, this model is known as Bell-LaPadula. This model is used to ensure the confidentiality of information. It defines the functions of a multilevel security system. It is the first mathematical model that prevents secret information from being accessed in an unauthorized manner.

Image shows how Bell-LaPadula model works.
Bell-LaPadula model

In this picture, the user and the files are arranged in a non-discretionary manner concerning different layers of secrecy.

It follows three types of basic rules-

  • Simple confidentiality rule
  • Star confidentiality rule
  • Strong star confidentiality rule

Simple confidentiality rule

This rule is called the NO READ-UP rule because it states that only the user can read the files that are on the same layer and lower layer of secrecy but cannot read the files on the upper layer of secrecy.

Star confidentiality rule

This rule is called the NO WRITE-DOWN rule because it states that the user can write the files on the same layer of secrecy and upper layer of secrecy but cannot read the files on the lower layer of secrecy.

Strong star confidentiality rule

This rule is called NO READ WRITE UP DOWN because the user can only read and write the files on the same layer of secrecy but cannot read and write the files on the upper layer of secrecy and the lower layer of secrecy. This is the highly secured and strongest rule in Bell-LaPadula.

Biba model

The Biba model was named so after its inventor Kenneth.J. Biba. This model is used to ensure the integrity of information.

Diagram showing Biba model.

It follows 3 rules:

  • Simple integrity rules
  • Star integrity rules
  • Strong star integrity rule

Simple integrity rules

This rule is called the NO READ-DOWN rule because the user can read the files only on the same layer of secrecy and upper layer of secrecy but cannot read the files on the lower layer of secrecy.

Star integrity rule

This rule is called the NO WRITE-UP rule because users can read the files only on the same and lower layer of secrecy but cannot read the files on the upper layer of secrecy.

Strong star integrity rule

This rule is called the NO READ-WRITE UP DOWN rule because the user can read and write the files on the same layer of secrecy only but cannot read and write the files on the upper or lower layer of secrecy. This rule is highly secured and is the strongest rule in Bell-LaPaulda.

Clarke Wilson Security Model

This model provides the highest security to the security model. It has the following entities:

Diagram shows the how Clarke Wilson Security Model works
Clarke Wilson Security Model

Subject

It is the user who requests the data items.

Constrained data items

Users cannot access constrained data items directly. It is accessed according to the Clarke Wilson Security Model.

Unconstrained data item

Users can access it directly.

The constrained data can be accessed by following processes:

1. Transformation process

The user can request constrained data items that are handled by the transformation process. The process converts it into permission and then forwards it to the integration verification process.

2. Integration verification process

It performs authorization and authentication. If this verification is successful, then the user is given access to the constrained data items.

Common Mistakes

There is a mistake in understanding the terms confidentiality and integrity. In simple language, confidentiality defines that the information should not go to the wrong hands. Integrity shows data validity. This means that only an authorized and legal person can access the authorized content or information.

Context and Applications

This topic is significant in the professional exams for both graduate and postgraduate courses, especially for:

  • Bachelor of Technology in Computer science.
  • Bachelor of Technology in Information Technology.
  • Master of Technology in Information Security.
  • Drafting security
  • Brewer and Nash model
  • Information security model

Practice Problems

Q1. Which of the following is a type of security model?

  1. Bell-LaPadula model
  2. Biba model
  3. Clarke Wilson Security model
  4. All of these

Correct answer- 4. All of these

Explanation- The security model is classified into three types namely Bell-LaPadula model, Biba model and Clarke Wilson Security model

Q2. How many rules follow the Biba model?

  1. two
  2. four
  3. six
  4. three

Correct answer: 4. three

Explanation- There are three basic rules in the Biba model namely simple integrity rules, star integrity rules and strong star integrity rules.

Q3. Information security policy follows the property of:

  1. CIA
  2. MIA
  3. AIR
  4. ACE

Correct answer: 1. CIA

Explanation- The full form of CIA is confidentiality, integrity and availability. The Information security policy follows these three properties.

Q4. The types of access control are:

  1. Virtual access control
  2. Physical and logical access control
  3. Both
  4. None

Correct answer: 2. Physical and logical access control.

Explanation- There are 3 types of access control. These are Administrative Access Control, Physical Access Control and Technical or Logical Access Control.

Q5. What is the first step of access control?

  1. Verification
  2. Identification
  3. Authorization
  4. None

Correct answer: 2. Identification

Explanation- Access is granted through a series of processes to ensure that this user has access to the requested resources. Typically, these steps are Identification, Authentication, and Authorization.

Want more help with your computer science homework?

We've got you covered with step-by-step solutions to millions of textbook problems, subject matter experts on standby 24/7 when you're stumped, and more.
Check out a sample computer science Q&A solution here!

*Response times may vary by subject and question complexity. Median response time is 34 minutes for paid subscribers and may be longer for promotional offers.

Search. Solve. Succeed!

Study smarter access to millions of step-by step textbook solutions, our Q&A library, and AI powered Math Solver. Plus, you get 30 questions to ask an expert each month.

Tagged in
EngineeringComputer Science

Information Security

Security Models

Types of Security Models

Types of Security Models Homework Questions from Fellow Students

Browse our recently answered Types of Security Models homework questions.

Q: Many companies are undergoing server virtualization. This is the concept of putting…
Q: Please, answer the whole question. Suppose you toss n biased coins independently. Given positive…
Q: 1. Please check the answer and add explanation properly and solve all questions. 2. Give reasons for…
Q: 14.  _____ variables take on values in an experiment. A) Fixed B) Static C) Random D)…
Q: One of two biased coins A and B is selected and flipped 3 times. Let A be the event that coin A is…
Q: Let hLPF(n) be the impulse response of a discrete-time low-pass filter with frequency response HLPF…
Q: The Code Red II worm accomplished rapid infection mainly because of its localized scanning strategy.…
Q: Provide the full C++ main.cpp, mystring.cpp and mystring.h. Part of the output is provided below
Q: Q2 The Powerball Lottery 15 Points The Powerball lottery is based on a random drawing of six balls…
Q: How get the timestamp PTHHMMM to convert into HH:MM in Python?  For example: PT1H15M would becomes…
Q: Given the following vertex set and edge set (assume bidirectional edges): V {1, 2, 3, 4, 5, 6, 7, 8,…
Q: To allow a class to be written to a file all at once, we implement the _____class.
Q: How would you explain the software development life cycle (SDLC) four main phases to a group of…
Q: alice wants to send to all her friends, including bob, the message "SELLEVERYTHING" so that be knows…
Q: The Java class that we use to allow the user to navigate through folders and select a file is called…
Q: 22. P(a) = 0.5 P(b) = 0.2 Can P(A ^ B) > 0.2?A) YesB) no
Q: For each of the following functions, determine whether the function is: Injective (one-to-one).…
Q: Exceptions for which the Java compiler requires us to add exception handling - such as…
Q: What is the service model of the Internet’s network layer? What guarantees are made by the…
Q: Which is used to improve the performance a heuristic search A) Quality of the heuristic function…
Q: Build a solution for the 0-1 Knapsack problem using backtracking algorithm. We have 5 items with…
Q: Could you assist me with this issue? I'm finding it challenging to grasp the solution. Would you…
Q: Here is the following grammar for the set A = {0^n 1^n | n >= 0}* S -> AS | ∈  A -> 0A1 | ∈…
Q: Question 3:   You are tasked with developing an Arduino-controlled temperature management system for…
Q: Solve the problem
Q: Try adding a "Comments" section/tab using the following code:
Q: For the given 2-3 tree: Add node 65 Remove node 20 50 90 120 150 30 40 60 80 100 110 130 140 160 ?
Q: Consider a broadcast channel with N nodes and a transmission rate of R bps. Suppose the broadcast…
Q: Why are data types important when creating/designing a relational database? Please give a real world…
Q: the answer and add explanation properly at every steps and solve steps wise
Q: w |w Consider alphabet Σ = {0,1} and language L = = {wες : Σw # i=1 i=1 regular. Σ (1 - w;)}. Prove…
Q: 32222 data bytes are transferred from client to server over a TCP connection over a point-to- point…
Q: 4. Consider alphabet Σ = {0,1} and language Lo₁ = {we*: w=0"1" for some nonnegative n€Z}. Prove or…
Q: A sender sends binary data 101011111001110. The checksum has eight bits length, what is the checksum…
Q: Given main(), complete the program to add people to a queue. The program should read in a list of…
Q: Based on the photo attatched, list each step in simple terms and explain each step in simpler terms
Q: 23.  What are agents who have the capability of maintaining an internal state of information?…
Q: overview of SQLJ and JDBC.
Q: Suppose that you are an analyst developing a new information system to automate the…
Q: what is Java and what are it's pros and cons?
Q: How many bytes from the very start of the Ethernet frame does the ASCII “O” in “OK” (i.e., the HTTP…
Q: For each of the following functions, determine whether the function is: Injective (one-to-one).…
Q: 1. Select a computer-aided software engineering tool either one that a person can use forclass, a…
Q: _____is a documentation generator that produces an html file containing documentation of a…
Q: I a unsure how to go about solving this. Thank you in advance for your help!   Question: Find at…
Q: Assume that a customer purchase a new car every 5 years, for a total of 10 cars through her…
Q: 11100000 01000000 ******** ******** 1110000* ******** ******** ******** 11100001 1******* ********…
Q: Show the distance matrix D(k) for 0 ≤ k ≤ n that results from applying the Floyd-Warshall algorithm…
Q: Which of the following solutions is most likely to correctly perform data flow analysis for the…
Q: When using AWS Identity and Access Management (IAM), what is the recommended best practice with your…

Search. Solve. Succeed!

Study smarter access to millions of step-by step textbook solutions, our Q&A library, and AI powered Math Solver. Plus, you get 30 questions to ask an expert each month.

Tagged in
EngineeringComputer Science

Information Security

Security Models

Types of Security Models