Select Page

Types of Security Models

CISSP

  1. State Machine Model
    • Definition: A security model that describes a system that is secure in every possible state.
    • Key Concepts:
      • Secure State: A system is considered secure if all aspects of its state meet the security policy requirements.
      • State Transition: Occurs when the system accepts input or produces output, leading to a new state. The system must remain secure throughout all transitions.
      • Characteristics: The system always boots into a secure state, maintains security during transitions, and ensures that subjects access resources in a manner compliant with the security policy.
  2. Information Flow Model
    • Definition: A security model that focuses on controlling the flow of information within a system.
    • Key Concepts:
      • State Machine Basis: Information flow models are based on the state machine model.
      • Security Focus: Designed to prevent unauthorized, insecure, or restricted information flows, often between different levels of security (multilevel security models).
      • Examples: Bell-LaPadula and Biba models are both information flow models.
      • Covert Channels: The model addresses covert channels by excluding all non-defined flow pathways.
  3. Noninterference Model
    • Definition: A security model concerned with ensuring that the actions of a subject at a higher security level do not affect or are noticed by subjects at a lower security level.
    • Key Concepts:
      • Information Flow Focus: Loosely based on the information flow model but focuses on the impact of actions rather than the flow itself.
      • Security Protection: Provides a form of protection against malicious programs like Trojan horses by ensuring that higher-level actions do not interfere with lower-level actions.

These models provide a framework for defining and understanding the allowed interactions between subjects (active parties) and objects (passive parties) within a system, ensuring that security policies are consistently applied and maintained. Understanding these models is essential for evaluating and implementing secure systems, particularly for the CISSP exam.

Latest Post:

Pin It on Pinterest