- State Machine Model
  - Definition: A security model that describes a system that is secure in every possible state.
  - Key Concepts:
    - Secure State: A system is considered secure if all aspects of its state meet the security policy requirements.
    - State Transition: Occurs when the system accepts input or produces output, leading to a new state. The system must remain secure throughout all transitions.
  - Characteristics: The system always boots into a secure state, maintains security during transitions, and ensures that subjects access resources in a manner compliant with the security policy.
- Information Flow Model
  - Definition: A security model that focuses on controlling the flow of information within a system.
  - Key Concepts:
    - State Machine Basis: Information flow models are based on the state machine model.
    - Security Focus: Designed to prevent unauthorized, insecure, or restricted information flows, often between different levels of security (multilevel security models).
    - Examples: Bell-LaPadula and Biba models are both information flow models.
    - Covert Channels: The model addresses covert channels by excluding all non-defined flow pathways.
- Noninterference Model
  - Definition: A security model concerned with ensuring that the actions of a subject at a higher security level do not affect, and are not noticed by, subjects at a lower security level.
  - Key Concepts:
    - Information Flow Focus: Loosely based on the information flow model but focuses on the impact of actions rather than the flow itself.
    - Security Protection: Provides a form of protection against malicious programs like Trojan horses by ensuring that higher-level actions do not interfere with lower-level actions.
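
A bounded noninterference check over a small state machine, as an added example that is not part of the original notes: the low-level view of a run must equal the view of the same run with every high-level input purged. The two toy systems, the quota of 2, and all function names are assumptions made for illustration.

```python
from itertools import product

HIGH, LOW = "high", "low"
CAPACITY = 2  # constructed quota for both toy systems

def shared_quota_step(used, level, cmd):
    """Toy system A: both levels draw on one shared quota (state = blocks used)."""
    if used < CAPACITY:
        return used + 1, "ok"
    return used, "full"

def partitioned_step(state, level, cmd):
    """Toy system B: each level has its own quota (state = (high_used, low_used))."""
    idx = 0 if level == HIGH else 1
    if state[idx] < CAPACITY:
        new = list(state)
        new[idx] += 1
        return tuple(new), "ok"
    return state, "full"

def low_view(step, init, inputs):
    """Run the state machine and collect the outputs the low subject sees."""
    state, seen = init, []
    for level, cmd in inputs:
        state, out = step(state, level, cmd)
        if level == LOW:
            seen.append(out)
    return seen

def purge(inputs):
    """Remove every high-level input from an input sequence."""
    return [(level, cmd) for level, cmd in inputs if level == LOW]

def find_interference(step, init, max_len=4):
    """Return the first input sequence whose low view changes when high
    inputs are purged, or None if no sequence up to max_len does."""
    alphabet = [(HIGH, "write"), (LOW, "write")]
    for n in range(1, max_len + 1):
        for seq in product(alphabet, repeat=n):
            if low_view(step, init, seq) != low_view(step, init, purge(seq)):
                return list(seq)
    return None

if __name__ == "__main__":
    print("shared quota:", find_interference(shared_quota_step, 0))
    print("partitioned: ", find_interference(partitioned_step, (0, 0)))
```

The shared-quota system fails the check because the low subject's "full" response depends on earlier high-level writes, which is the kind of undefined flow pathway a covert channel uses; the partitioned system passes within the tested bound.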
These models provide a framework for defining and understanding the allowed interactions between subjects (active parties) and objects (passive parties) within a system, ensuring that security policies are consistently applied and maintained. Understanding these models is essential for evaluating and implementing secure systems, particularly for the CISSP exam.