Security models are used to understand the systems and processes developed to enforce security principles. Three key elements play a role in model implementation:
- People
- Processes
- Technology
Various models discussed here are:
Access Control Models:
Different access control models provide different aspects of protection, but the Access Control List (ACL) is the most commonly used. An ACL is a list of the subjects that have access rights to a particular object. It identifies not only each subject, but also the specific access that subject has to the object.
Other models discussed below: Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role-based Access Control (RBAC), Rule-based Access Control (RBA)
Bell-LaPadula Confidentiality Model:
The Bell-LaPadula security model is a combination of mandatory and discretionary access control mechanisms.
The first principle, known as the Simple Security Rule, states that no subject can read information from an object with a security classification higher than that possessed by the subject itself. This is also referred to as the "no-read-up" rule.
Access levels are therefore arranged in a hierarchy, with defined higher and lower levels of access.
Bell-LaPadula was designed to preserve "confidentiality" - focused on read and write access.
Reading material higher than subject's level is a form of unauthorized access.
The second principle, known as the *-property (star property), states that a subject can write to an object only if its security classification is less than or equal to the object's security classification.
Also known as "No-Write-Down" principle.
This prevents the dissemination of information to users that do not have the appropriate level of access.
Usage example: preventing data leakage, such as publishing a bank balance to a public page.
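The two Bell-LaPadula rules combined with a discretionary ACL check, as an added example that is not part of the original post. The level names, subjects, objects and ACL entries are constructed for illustration.

```python
from enum import IntEnum

class Level(IntEnum):
    # Constructed hierarchy; the model only requires ordered levels.
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2

# Constructed sample data (assumptions, not from the post).
SUBJECT_LEVEL = {"teller": Level.CONFIDENTIAL, "visitor": Level.PUBLIC}
OBJECT_LEVEL = {
    "public_page": Level.PUBLIC,
    "bank_balance": Level.CONFIDENTIAL,
    "audit_log": Level.SECRET,
}
# Discretionary part: object -> subject -> operations granted by the owner.
# The visitor's read right on bank_balance is a deliberate ACL mistake.
ACL = {
    "public_page": {"teller": {"read", "write"}, "visitor": {"read"}},
    "bank_balance": {"teller": {"read", "write"}, "visitor": {"read"}},
    "audit_log": {"teller": {"write"}},
}

def check_access(subject, obj, op):
    """Return (allowed, reason). Mandatory rules are checked before the ACL."""
    s, o = SUBJECT_LEVEL[subject], OBJECT_LEVEL[obj]
    if op == "read" and s < o:
        return False, "simple security rule (no read up)"
    if op == "write" and s > o:
        return False, "*-property (no write down)"
    if op not in ACL.get(obj, {}).get(subject, set()):
        return False, "ACL denies"
    return True, "granted"

if __name__ == "__main__":
    requests = [
        ("teller", "bank_balance", "read"),
        ("teller", "public_page", "write"),   # would leak the balance
        ("visitor", "bank_balance", "read"),  # ACL mistake, still blocked
        ("teller", "audit_log", "write"),     # writing up is permitted
        ("visitor", "public_page", "write"),
    ]
    for subject, obj, op in requests:
        allowed, reason = check_access(subject, obj, op)
        print(f"{subject:8} {op:5} {obj:13} -> {allowed} ({reason})")
```

The mandatory checks run first, so an ACL entry that is too generous cannot override the classification rules.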
Take-Grant Model:
- Built upon Graph Theory
- Distinct Advantage: Definitively Determine Rights - Unique Rights (take and grant)
- Its value lies in the ability to analyze whether an implementation is complete or might be capable of leaking information.