Security Architecture Models - Bell La Padula Model

  • Published on 9 Jul 2024
  • Security Architecture Models - Bell La Padula Model. This lecture is about security architecture models. The three main requirements of information security are confidentiality, integrity and availability. Confidentiality means that only authorized persons can access the data. Integrity means that only authorized persons can change the data. Availability means that information is available to authorized persons when and where they need it.
    These three requirements are essential and are together called the C.I.A. triangle. A security architecture model is a statement that outlines the requirements necessary to properly support and implement a certain security policy. A security model provides a deeper explanation of how a computer operating system should be developed to properly support a specific security policy. A security architecture model helps in conceptualizing the design and implementation. It also checks whether the implementation meets all the requirements.
    There are various types of security models:
    • Bell-LaPadula Confidentiality Model
    • Biba Integrity Model
    • Graham-Denning Access Control Model and
    • Harrison-Ruzzo-Ullman Model
    Four types of information may be available in any organization. It can be:
    Top Secret
    Secret
    Confidential
    Public
    The Bell-LaPadula model deals with the control of information flow among various users at different levels. It is a formal description of the allowable paths of information flow in a secure system. The model's goal is to identify allowable communication while at the same time maintaining secrecy.
    The model has been used to define security requirements for systems concurrently handling data at different sensitivity levels. It describes acceptable connections between subjects and objects at different levels of sensitivity. That is why it is said to be a subject-to-subject model.
    Top secret information is information that needs to be kept highly secure and confidential. Access to top secret information is very limited. For example, a country's military information is top secret. Only 1 or 2 people can access the top secret documents.
    Secret information also needs to be kept confidential and secure, but it is less important than top secret information. For example, a company's assets and bank balance are secret information. Very few people can access the secret documents.
    Confidential information needs to be kept confidential, but the level of confidentiality is lower than for top secret and secret. An example is an organization's business transaction details. Only people related to that organization can access confidential documents.
    There is no need to maintain any secrecy for the public type of information. It can be made known to all, which is why we call it public. These documents can be accessed by the public. In this diagram there are four types of information, each with its level of priority.
    Here, subject means the user and object means the documents.
    In this example, a user is allowed to access secret documents. His or her level is confined to secret documents. Hence this user can read and write all the documents in between top secret and secret. You can see the subject moving between two lines, top secret and secret. But this user is not allowed to read any document one step up, that is, top secret documents. This is said to be the NO READ UP RULE. Similarly, this user is not allowed to write one step below, that is, to confidential documents. This is said to be the NO WRITE DOWN RULE. There are two types of rules defined by the Bell-LaPadula model:
    Simple security rule
    Star property rule
    The simple security rule states that a subject at a given security level cannot read data that resides at a higher security level.
    The star property states that a subject in a given security level cannot write information to a lower security level.
    The simple security rule is referred to as the "no read up" rule and the *-property rule is referred to as the "no write down" rule.
  • Science & Technology
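
The two rules above, as an added example that is not part of the original lecture: a small Python reference monitor that replays constructed access requests and tracks which level of data each document ends up holding. It shows a public document receiving secret data once the star property is switched off. The user names, document names and the `enforce_star` switch are assumptions for illustration.

```python
from enum import IntEnum

class Level(IntEnum):
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

def can_read(subject, obj):
    """Simple security rule: no read up."""
    return subject >= obj

def can_write(subject, obj):
    """Star property: no write down."""
    return subject <= obj

def run(requests, clearances, labels, enforce_star=True):
    """Replay (user, op, doc) requests; return (decisions, leaked docs).
    A leaked doc is one that ends up holding data above its own label."""
    seen = {u: Level.PUBLIC for u in clearances}  # highest level each user has read
    holds = dict(labels)  # highest level of data each document contains
    decisions = []
    for user, op, doc in requests:
        s, o = clearances[user], labels[doc]
        if op == "read":
            ok = can_read(s, o)
            if ok:
                seen[user] = max(seen[user], holds[doc])
        else:  # "write"
            ok = can_write(s, o) or not enforce_star
            if ok:
                holds[doc] = max(holds[doc], seen[user])
        decisions.append((user, op, doc, "ALLOW" if ok else "DENY"))
    leaks = sorted(d for d in labels if holds[d] > labels[d])
    return decisions, leaks

# Constructed sample data (hypothetical users and documents, not from the lecture).
CLEARANCES = {"alice": Level.SECRET, "bob": Level.PUBLIC}
LABELS = {"war_plan": Level.TOP_SECRET, "balance_sheet": Level.SECRET,
          "transactions": Level.CONFIDENTIAL, "press_release": Level.PUBLIC}
REQUESTS = [("alice", "read", "war_plan"),        # read up
            ("alice", "read", "balance_sheet"),   # same level
            ("alice", "write", "war_plan"),       # write up
            ("alice", "write", "press_release"),  # write down
            ("bob", "read", "press_release")]

if __name__ == "__main__":
    for enforce in (True, False):
        decisions, leaks = run(REQUESTS, CLEARANCES, LABELS, enforce)
        print(enforce, [d[3] for d in decisions], "leaks:", leaks)
```

With both rules enforced no document holds data above its label; with the star property disabled, the secret user's write down lets the public user read secret data without ever violating "no read up".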

Comments • 4

  • @ganeshjaggineni4097 3 months ago

    NICE SUPER EXCELLENT MOTIVATED

  • @vedantshirodkar 3 years ago +3

    Straight and clear explanation. Thank You

  • @mebaale 3 years ago +2

    Thanks for the clear explanation of the model. However, tranquility property hasn't been addressed. Tranquility property helps in preventing race conditions while accessing documents.