- Matrix Model
  - Definition: A model that provides access rights to subjects for objects.
  - Key Concepts:
    - Access Rights: Include read, write, and execute.
    - Structure:
      - Columns: Represent Access Control Lists (ACLs).
      - Rows: Represent capability lists.
    - Supports: Discretionary Access Control (DAC).
- Bell-LaPadula Model
  - Type: Mandatory Access Control (MAC), Confidentiality Model.
  - Key Concepts:
    - Core Rules:
      - Simple Security Rule: “No Read Up” – Subjects cannot read data at a higher classification level.
      - Star Property (*-Property): “No Write Down” – Subjects cannot write data to a lower classification level, except for trusted subjects.
      - Strong Star Rule: Subjects can only read and write at the same level.
      - Tranquility Principle: Prevents the security level of subjects from being changed once they are created.
    - Focus: Preventing information flow from higher to lower security levels.
    - Uses: Access matrix for DAC and implements the need-to-know principle.
    - Developed By: U.S. Department of Defense (DoD).
- Biba Model
  - Type: MAC, Integrity Model.
  - Key Concepts:
    - Core Rules:
      - Simple Integrity Property: “No Read Down” – Subjects cannot read data at a lower integrity level.
      - Star Integrity Property: “No Write Up” – Subjects cannot write data to a higher integrity level.
    - Lattice-Based: Includes least upper bound, greatest lower bound, and flow policy.
    - Focus: Preventing information flow from lower to higher integrity levels.
    - Concern: Protecting objects from external threats.
- Clark-Wilson Model
  - Type: Integrity Model.
  - Key Concepts:
    - Enforcement: Segregation of duties, requires auditing.
    - Commercial Use: Commonly used in business environments.
    - CDI: Constrained Data Items, data whose integrity is to be preserved.
    - Access: Only through well-formed transactions (programs).
    - Integrity Verification Procedure (IVP): Scans data items to confirm their integrity.
- Information Flow Model
  - Key Concepts:
    - Security Class: Each object is assigned a security class and value.
    - Information Flow: Constrained to flow only in directions permitted by the security policy.
    - Models: Includes Bell-LaPadula and Biba models.
- Brewer and Nash Model (Chinese Wall)
  - Type: Dynamic Access Control Model.
  - Key Concepts:
    - Conflict of Interest: Prevents conflicts by controlling access based on a user’s previous actions.
    - Application: Common in environments where conflict of interest must be avoided.
- Lipner Model
  - Combination: Integrates Bell-LaPadula (Confidentiality) and Biba (Integrity) models.
  - Significance: Considered one of the first commercial security models.
- Graham-Denning Model
  - Focus: Relationship between subjects and objects.
  - Key Concepts: Defines eight primitive protection rights, such as create, delete, read, and write.
- Take-Grant Model
  - Structure: Uses a directed graph to specify rights that subjects can transfer to objects or take from other subjects.
  - Key Concepts:
    - Focus: States and state transitions.
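
The Bell-LaPadula and Biba core rules listed above can be written as a single reference-monitor check, which makes their mirror-image relationship visible. This is an added example, not part of the original notes; the level names, the `Label` class, the function names and the sample subjects and objects are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed orderings (assumption): a higher number is more sensitive / more trusted.
CONF = {"public": 0, "confidential": 1, "secret": 2, "top_secret": 3}
INTEG = {"untrusted": 0, "user": 1, "system": 2}

@dataclass(frozen=True)
class Label:
    conf: str   # Bell-LaPadula classification or clearance
    integ: str  # Biba integrity level

def blp_allows(subj, obj, op, trusted=False, strong_star=False):
    s, o = CONF[subj.conf], CONF[obj.conf]
    if op not in ("read", "write"):
        raise ValueError(op)
    if strong_star:
        return s == o                  # strong star: read and write at the same level only
    if op == "read":
        return s >= o                  # simple security rule: no read up
    return trusted or s <= o           # *-property: no write down, trusted subjects exempt

def biba_allows(subj, obj, op):
    s, o = INTEG[subj.integ], INTEG[obj.integ]
    if op not in ("read", "write"):
        raise ValueError(op)
    return s <= o if op == "read" else s >= o   # no read down / no write up

def decide(subj, obj, op, **blp_opts):
    """Return the models that deny the request; an empty list means allowed."""
    denied = []
    if not blp_allows(subj, obj, op, **blp_opts):
        denied.append("Bell-LaPadula")
    if not biba_allows(subj, obj, op):
        denied.append("Biba")
    return denied

# Constructed subjects and objects for the demonstration.
analyst = Label("secret", "user")
report = Label("top_secret", "user")
upload = Label("public", "untrusted")
config = Label("secret", "system")

if __name__ == "__main__":
    for obj_name, obj in [("report", report), ("upload", upload), ("config", config)]:
        for op in ("read", "write"):
            print(obj_name, op, decide(analyst, obj, op) or "allowed")
```

Reading the public, untrusted upload passes Bell-LaPadula (a read down in confidentiality) but fails Biba (a read down in integrity), which is why the two models are enforced separately rather than collapsed into one level.
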
These models provide various frameworks for enforcing security policies in information systems, each with a focus on specific aspects such as confidentiality, integrity, access control, and conflict of interest prevention. Understanding these models is crucial for applying the appropriate security measures in different contexts, particularly for the CISSP exam.