Security Architecture Models.
Security architecture models illustrate information security implementations and can help organizations to quickly make improvements through adaptation.
Some models are implemented into computer hardware and software, some are implemented as policies and practices, and some are implemented in both.
some models focus on the confidentiality of information, while others focus on the integrity of the information as it is being processed.
Bell-LaPadula Confidentiality Model.
BLP confidentiality model is a state machine model that helps ensure the confidentiality of an information system by means of MACs, data classification, and security clearances. A system that serves as a reference monitor compares the level of classification of the data with the clearance of the entity requesting access; it allows access only if the clearance is equal to or higher than the classification.
Biba integrity Model.
The Biba integrity model is similar to BLP. It is based on the premise that higher levels of integrity are more worthy of trust than lower ones. The intent is to provide access controls to ensure that objects or subjects cannot have less integrity as a result of read/write operations.
Clark-Wilson Integrity Model.
The Clark-Wilson integrity model, which is built upon principles of change control rather than integrity levels, was designed for the commercial environment. The change control principles upon which it operates are: No changes by unauthorized subjects, No unauthorized changes by authorized subject, and the maintenance of internal and external consistency.
Graham-Denning Access Control Model.
The Graham-Denning access control model has three parts: a set of objects, a set of subjects, and a set of rights. The subjects are composed of two things: a process and a domain. The domain is the set of constraints controlling how subjects may access objects. The set of rights governs how subjects may manipulate the passive objects.
Harrison-Ruzzo-Ullman Model.
The Harrison-Ruzzo-Ullman (HRU) model defines a method to allow changes to access rights and the addition and removal of subjects and objects, a process that the Bell-LaPadula model does not.
Brewer-Nash Model (Chinese Wall)
The Brewer-Nash model-commonly known as Chinese Wall-is designed to prevent a conflict of interest between two parties. Imagines that a low firm represents two individuals who are involved in a car accidents. One sues the others, and the firm has to represent both. To prevent a conflict of interest, the individual attorneys should not be able to access the private information of these two litigants.
Reference.
Michael
E. Whitman & Herbert J. Mattord, “Management
of information security” 3e (2010), Boston, Course Technology,
CengageLearning.
No comments:
Post a Comment