A Security Architecture is a reproducible cohesive security design, which addresses the requirements and the risks of a particular environment or scenario, and specifies what security controls are to be applied where. (“What is Security Architecture”)
There are various types of security models, each suited for a different purpose, and each of varying complexity.
For instance, some models can capture policies for confidentiality (Bell-LaPadula) or for integrity (Biba, Clark-Wilson).
Some models apply to environments with static policies (Bell-LaPadula), others consider dynamic changes of access rights (Chinese Wall).
Security models can be informal (Clark-Wilson), semi-formal, or formal (Bell-LaPadula, Harrison-Ruzzo-Ullman). (“Security Architecture and Design/Security Models”)
1. Bell-LaPadula Confidentiality Model
- mathematical model
- multi-level security policy
- static model
- enforces confidentiality
- Rules-
- Simple security rule (no read up rule) – a subject at a given security level cannot read data that resides at a higher security level.
- Star property rule (no write down rule) – a subject at a given security level cannot write information to a lower security level.
2. Biba Integrity Model
- addresses integrity of information
- derived from Bell-LaPadula model
- Rules-
- Simple integrity rule (no read down) – a subject cannot read data from a lower integrity level.
- Star integrity rule (no write up) – a subject cannot write data to an object at a higher integrity level.
- Invocation property – a subject cannot invoke (call upon) a subject at a higher integrity level.
3. Clark-Wilson Integrity Model
- addresses integrity of information
- its components help in-
- preventing unauthorized users from making modifications
- creating a separation of duties that prevent authorized users from making improper modifications
- creating well-formed transactions that maintain internal and external consistency
4. Brewer-Nash Chinese Wall Model
- provides access controls that change dynamically based on user’s previous actions
- protects against conflict of interest by user’s access attempts
- Rule-
– a subject can write to an object if, and only if, the subject can not read another object that is in a different data set
5. Harrison-Ruzzo-Ullman
- deals with the integrity of access-rights in a system
- based around the concept of a finite set of procedures being available to edit the access rights of a subject on a particular object
Remarks
The best balance between simplicity and security seems to be provided by the Bell-LaPadula and the Biba models of security. Both of them revolve around two simple rules for reading and writing of information: “no read up” and “no write down” in Bell-LaPadula, and their mirror images “no read down” and “no write up” in Biba. Together they help to protect the confidentiality and the integrity of the information.
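The Bell-LaPadula and Biba rules listed in sections 1 and 2, as an added example that is not part of the original article: a small access check that evaluates both models at once and reports which rule denies a request. The `Label` class, the level names and the sample subject and objects are constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass(frozen=True)
class Label:
    confidentiality: Level  # Bell-LaPadula security level
    integrity: Level        # Biba integrity level


def violations(op, subject, target):
    """Return the rules that forbid `op`; an empty list means access is allowed."""
    denied = []
    if op == "read":
        if subject.confidentiality < target.confidentiality:
            denied.append("BLP simple security rule (no read up)")
        if subject.integrity > target.integrity:
            denied.append("Biba simple integrity rule (no read down)")
    elif op == "write":
        if subject.confidentiality > target.confidentiality:
            denied.append("BLP star property rule (no write down)")
        if subject.integrity < target.integrity:
            denied.append("Biba star integrity rule (no write up)")
    elif op == "invoke":  # here the target is another subject
        if subject.integrity < target.integrity:
            denied.append("Biba invocation property")
    else:
        raise ValueError(f"unsupported operation: {op!r}")
    return denied


# Constructed labels for illustration only.
ANALYST = Label(Level.HIGH, Level.MEDIUM)
PRESS_RELEASE = Label(Level.LOW, Level.LOW)
AUDIT_LOG = Label(Level.HIGH, Level.HIGH)
PEER_NOTES = Label(Level.HIGH, Level.MEDIUM)

if __name__ == "__main__":
    samples = (("press release", PRESS_RELEASE), ("audit log", AUDIT_LOG),
               ("peer notes", PEER_NOTES))
    for name, obj in samples:
        for op in ("read", "write"):
            print(f"analyst {op} {name}: {violations(op, ANALYST, obj) or 'allowed'}")
```

When a subject and an object carry different confidentiality and integrity labels, a single request can pass one model and fail the other; only the object with identical labels is both readable and writable.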
References-
Thorn, A. (2008, September 29). What Is Security Architecture. Retrieved from https://www.isss.ch/fileadmin/publ/agsa/Security_Architecture.pdf
Security Architecture and Design/Security Models – Wikibooks, open books for an open world. (n.d.). Retrieved June 24, 2017, from https://en.wikibooks.org/wiki/Security_Architecture_and_Design/Security_Models