Security Architectures

Security Architecture is a reproducible cohesive security design, which addresses the requirements and the risks of a particular environment or scenario, and specifies what security controls are to be applied where. (“What is Security Architecture”)

There are various types of security models, each suited for a different purpose, and each of varying complexity.
For instance, some models can capture policies for confidentiality (Bell-LaPadula) or for integrity (Biba, Clark-Wilson).
Some models apply to environments with static policies (Bell-LaPadula), others consider dynamic changes of access rights (Chinese Wall).
Security models can be informal (Clark-Wilson), semi-formal, or formal (Bell-LaPadula, Harrison-Ruzzo-Ullman). (“Security Architecture and Design/Security Models”)

1. Bell-LaPadula Confidentiality Model

  • mathematical model
  • multi-level security policy
  • static model
  • enforces confidentiality
  • Rules-
    • Simple security rule (no read up rule)
      – a subject at a given security level can not read data that resides at a higher security level.
    • Star property rule ( no write down rule)
      – a subject in a given security level can not write information to a lower security levels.

2. Biba Integrity Model

  • addresses integrity of information
  • derived from Bell-LaPadula model
  • Rules-
    • simple integrity rule(no read down)
      – a subject can not read data from a lower integrity level
    • star integrity rule(no write up)
      – a subject can not write data to an object at a higher integrity level.
    • invocation property
      – a subject can not invoke(call upon) a subject at a higher integrity level.

3. Clark-Wilson Integrity Model

  • addresses integrity of information
  • it components help in-
    • preventing unauthorized users from making modifications
    • creating a separation of duties that prevent authorized users from making improper modifications
    • creating well-formed transactions that maintain internal and external consistency

4. Brewer-Nash Chinese Wall Model

  • provides access controls that change dynamically based on user’s previous actions
  • protects against conflict of interest by user’s access attempts
  • Rule-
    – a subject can write to an object if, and only if, the subject can not read another object that is in a different data set

5. Harrison-Ruzzo-Ullman

  • deals with the integrity of access-rights in a system
  • based around the concept of a finite set of procedures being available to edit the access rights of a subject on a particular object


The best balance between simplicity and security seems to be provided by the Bell-LaPadula and the Biba models of security. Both of them revolve around two simple rules for reading and writing of information –  “no read up” and “no write down” – and help to protect confidentiality and integrity of the information.


Thorn, A. (2008, September 29). What Is Security Architecture. Retrieved from

Security Architecture and Design/Security Models – Wikibooks, open books for an open world. (n.d.). Retrieved June 24, 2017, from