Security Models

Access Control Models

Based on their operational impact

Degree of authority

By characteristics:

Other

• Detective
• Corrective
• Recovery
• Preventative
• Deterrent
• Compensating

• Management:
• Operational (administrative):
• Technical:

DAC

NDAC

MAC

o Task-based controls

o Role-based

• Content-dependent access controls

• Constrained user interfaces

• Temporal (time-based) isolation

Security Architecture Models

o EVALUATION MODELS

o IMPLEMENTATION MODELS

ITSEC

Common Criteria

TCSEC

Bell-LaPadula

Biba

Graham-Denning

Confidentiality

Integrity

Harrison-Ruzzo-Ullman

Clark-Wilson

how subjects may manipulate the objects

allow changes to access rights and the addition and removal of subjects and objects

change control rather than integrity

Brewer-Nash

conflicting sets of data

Security Management Models

NIST Security Models

ISO 27000 Series

SP 800-14

SP 800-18

SP 800-12

SP 800-30

SP 800-53

COSO

COBIT

ITIL

Information Security Governance Framework