Security Models
State Machine Model
Collection of:
Operations
Finite states
Permissible transition functions
Useful for describing permitted states
Bell-LaPadula Access Control Model
Properties
Strong star property (Strong * property)
Subject cannot read/write to object of higher/lower sensitivity
Star property (* property)
Subject cannot write to object of lower sensitivity
Simple Security Property (SS)
Subject cannot read object of higher sensitivity
Limitations
Confidentiality only
No method for management of classifications
"No read up"
Biba Model
"No write up"
Security Policies
Simple integrity condition
Subject cannot read objects of lesser integrity
Integrity star * property
Subject cannot write to objects of higher integrity
Invocation Property
Subject cannot send messages (logical request for service) to object of higher integrity
Opposite of Bell-LaPadula
Only covers 1st rule of integrity
4 rules of integrity
1. Data is protected from modification by unauthorized users
2. Data is protected from unauthorized modification by authorized users
3. Data is internally and externally consistent
4. Data held in a database must balance internally and correspond to the external, real-world situation
Clark-Wilson Model
Access Control Triple
User
Transformation Procedures (TPs)
Constrained data item (CDI)
Integrity Verification Procedures (IVPs)
Well-formed transaction
Ensures data item is in valid state
Preserves internal consistency
Manipulates data only in ways that ensure internal consistency
Brewer-Nash
aka "Chinese Wall"
Wall is defined by a set of rules that ensures no subject from one side of the wall can access objects on the other
Graham-Denning Model
Eight basic secure protection rules
Create an object
Create a subject
Delete an object
Delete a subject
Provide read access right
Provide grant access right
Provide delete access right
Provide transfer access right
Access Control Matrix