A security model is a symbolic portrayal of a security
policy. It maps the requirements of the policy makers into a set of rules and regulations that are to be followed
by a computer system or a network system. A security policy is a set of abstract goals and high-level
requirements, and the security model is the do's and don'ts to make this happen.
You should know about several important security models even though describing them in detail is beyond the
scope of this book:
The Bell-LaPadula Model (BLM), also called the multilevel model, was introduced mainly to enforce access
control in government and military applications. BLM protects the confidentiality of the information within
a system.
The Biba model is a modification of the Bell-LaPadula model that mainly emphasizes the integrity of the
information within a system.
The Clark-Wilson model prevents authorized users from making unauthorized modification to the data.
This model introduces a system of triples: a subject, a program, and an object.
The Access Control Matrix is a general model of access control that is based on the concept of subjects
and objects.
The Information Flow model restricts information in its flow so that it moves only to and from approved
security levels.
Pages:
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60