Understanding Security Models in CISSP

Security Models Introduction
Security models are frameworks that guide policy design and implementation. They provide a structured approach for securing systems and data. CISSP covers various models, emphasizing confidentiality, integrity, and availability.
Bell-LaPadula Confidentiality Model
Bell-LaPadula focuses on data confidentiality and controlled access. Known for 'no read up, no write down' (Simple Security Property and *-Property), it prevents data from leaking to users with lower clearance.
Biba Integrity Model
Complementing Bell-LaPadula, Biba's model ensures data integrity. Its policy enforces 'no write up, no read down', preventing data corruption from lower integrity levels and disallowing unauthorized information modification.
Clark-Wilson Integrity Model
Clark-Wilson addresses commercial security, enforcing well-formed transactions and separation of duties. It ensures users perform tasks adhering to the company's rules, safeguarding internal process integrity.
Brewer and Nash Model
Also known as the Chinese Wall model, it prevents conflicts of interest by dynamically controlling access. It ensures a user with access to sensitive data from one company is barred from accessing rival companies' data.
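The history-dependent access decision described above, as an added example that is not part of the original lesson. The company names, the conflict-of-interest classes and the `ChineseWall` class are hypothetical, and only the read rule is modelled.

```python
from dataclasses import dataclass, field

# Constructed sample data: each company belongs to one conflict-of-interest
# (COI) class. All names here are hypothetical.
COI_CLASS = {
    "BankA": "banking", "BankB": "banking",
    "OilX": "energy", "OilY": "energy",
}

@dataclass
class ChineseWall:
    # history[user] = set of companies whose data the user has already read
    history: dict = field(default_factory=dict)

    def can_read(self, user, company):
        """Allow if the user has read no rival company in the same COI class."""
        coi = COI_CLASS.get(company)
        if coi is None:
            return False  # unknown company: default deny
        for seen in self.history.get(user, set()):
            if seen != company and COI_CLASS[seen] == coi:
                return False  # user already holds a rival's data
        return True

    def read(self, user, company):
        """Decide first, then record the access so later decisions see it."""
        if not self.can_read(user, company):
            return False  # denied attempts do not change the history
        self.history.setdefault(user, set()).add(company)
        return True

def demo():
    wall = ChineseWall()
    return [
        wall.read("alice", "BankA"),  # first access in banking: allowed
        wall.read("alice", "OilX"),   # different COI class: allowed
        wall.read("alice", "BankB"),  # rival of BankA: denied
        wall.read("alice", "BankA"),  # same company again: allowed
        wall.read("bob", "BankB"),    # bob has no history yet: allowed
        wall.read("bob", "BankA"),    # bob is now walled off from BankA
    ]

if __name__ == "__main__":
    print(demo())
```

The same request (reading BankB's data) is allowed for one user and denied for another because the decision depends on each user's access history, not on a fixed label.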
Non-Interference Model
This model ensures that high-level actions do not impact low-level users. Activities at different security levels do not affect each other, so one user's activities remain untraceable to other users.
Goguen-Meseguer Model
Goguen-Meseguer is rooted in non-interference but applies to multilevel security systems. It uses algebraic methods to specify and verify security policies, detailing how information flows between different levels.
What does CISSP emphasize in security models?
Confidentiality, integrity, availability
Efficiency, usability, complexity
Scalability, performance, cost