wisemonkeys logo
FeedNotificationProfileManage Forms
FeedNotificationSearchSign in
wisemonkeys logo

Blogs

Models of Information Security.

profile
Aaliya Choudhary
Jul 19, 2022
0 Likes
1 Discussions
217 Reads

Security plays an important role in protecting the assests of an organization. Hence, security professionals come up with various tactics, models and strategies to tackle security breaches. Information security models are one of such constructs. Organizations can use Information Security models as templates to describe the foundation and governance of their overall information security processes and architecture. It is more of a theoretical concept than a practical one. However, it helps security professionals in creating an effective and efficient security strategy.

 

A security model is a structure in which a security policy is developed. It determines how data is accessed, what level of security is needed, and what procedure should be taken when these requirements are not met. The aim of these models is to maintain the CIA (Confidentiality, Integrity and Availability) triad aspect of Security. 

 

Based on their goals the model can belong to two origins, namely Military origin (Confidentiality focused) and Commercial origin (Integrity focused). There are two approaches to be considered;

 

1. Finite State Machine: Typically, described as a mathematical model for any system that has a limited number of conditional states of being. Here, it is assumed to be a finite series of states where for every state confidentiality, integrity and availability are assessed.

2. Lattice approach: Here we define a set of security levels and assign each Subject (users and processes) and resource (files) a security level. It also defines the set of rules for the interaction between them.

 

There are various types of security models, we will discuss the prominent ones briefly below:

1. Bell-LaPadula Model: It was conceived by David Elliot Bell and Leonard .J. LaPadula, hence the name. The purpose of this model is to provide the confidentiality of information. It is the first mathematical model to prevent unauthorized access to secret information by unauthorized subjects. It is a lattice approach model that specifies three rules which govern the interaction between the Subject and resources on different layers or levels of secrecy.

2. Biba Model: It was developed by Scientist Kenneth .J. Biba. It is implemented contradictory to the Bell-LaPadula Model. The purpose of this model is to provide the integrity of information. It specifies two axioms that are similar to the rules of the Bell-LaPadula Model where these axioms govern the interaction between the Subject and resources on different layers or levels of secrecy.

3. Clark-Wilson Security Model: It was developed by David D. Clark and David R. Wilson. Like the Biba model it is also focused on integrity. It is the model that provides the highest security. Unlike the above two models it has two objects: constrained data items and unconstrained data items. It is based on two principles namely, well formed transactions and separation of duties.

4. Brewer and Nash Model:  Introduced by Nash and Brewer it is also referred to as The Chinese Wall model as it resembles an ethical wall security policy. It is a finite state machine approach where the state of the machine is focused on segregation of duties to avoid conflicts of interest. It is oriented towards confidentiality. Here, once a person accessing the information corresponds to one side they are unable to access the data of the other side or data is not available for the same person.

5. Harrison Ruzzo Ullman Model: It is thought to be a modification of the Bell-LaPadula Model. It can be incorporated through an Access Control list or Capabilities list. Since the Bell-LaPadula model has no system for changing access privileges or for the creation and deletion of subjects and objects. The Harrison Ruzzo Ullman Model provides the solution for these problems by authorizing the structure for access rights allocation and verifying compliance with any given policy preventing unauthorized access.


Comments ()


Sign in

Read Next

An Overivew Of Cache Memory

Blog banner

Types of Threads

Blog banner

"Games and the future"

Blog banner

Consumer to consumer Business model

Blog banner

Top 5 Post-Wedding Skin Care Tips

Blog banner

Photorec - media recovery tool

Blog banner

 " Healing of Yoga "

Blog banner

Data Security must be your Priority!

Blog banner

Question

Blog banner

10 Interesting Facts about Death Note

Blog banner

Data Science in Predictive Analytics: Transforming Business Decision-Making

Blog banner

A book review

Blog banner

Smartphone Security: Vulnerabilities and Attacks

Blog banner

Scala - a programming tool

Blog banner

BUFFER OVERFLOW_142

Blog banner

Embaded operating system

Blog banner

Types of Threads

Blog banner

Raid and levels of raid.

Blog banner

LinkedIn

Blog banner

"The Benefits of Using GIS in Agriculture"

Blog banner

MODERN OPERATING SYSTEM

Blog banner

Memory hierarchy

Blog banner

Social Media Marketing Trends 2022

Blog banner

Traveling

Blog banner

IT Service as as Value Creation

Blog banner

Place to visit in pune

Blog banner

**THE MUJAWARR: Transforming the Logistics Industry**

Blog banner

Big Data Architecture

Blog banner

Visualization in Data Science

Blog banner

Unlocking Success: Mastering Google Ads Strategies

Blog banner

Data is an asset and it is your responsibility!

Blog banner

Process states

Blog banner

Junk food vs healthy food

Blog banner

How to Find the Right Therapist For Me?

Blog banner

Modern Operating System - Suren Kotian

Blog banner

An Overview of Virtual Machines

Blog banner

Processing Crime and Incident Scenes

Blog banner

USES OF WHATSAPP

Blog banner

You'll get to know about Pankaj Negi

Blog banner

Network Forensics Tools and Techniques

Blog banner

Linux Threads:

Blog banner

Should you be using a mouthwash? Know from the experts

Blog banner