Information security models are methods used to authenticate security policies as they are intended to provide a precise set of rules that a computer can follow to implement the fundamental security concepts, processes, and procedures contained in a security policy.
New Citation Alert added!
These models can be abstract or intuitive. According to the state machine model, a state is a snapshot of a system at a specific moment in time. The state machine model derives from the computer science definition of a finite state machine FSM , integrating an external input with an internal machine state to model all types of systems, including parsers, decoders, and interpreters.
Given an input and a state, an FSM transitions to another state and may create an output. A transition takes place when accepting input or producing output and always results in a new state.
All state transitions must be examined and if all components of the state meet the requirements of the security policy, then the state is considered secure. When each state transitions to another secure state, the system is rendered as a secure state machine. Many other security models are influenced by the secure state concept.
Department of Defense DoD multi-level security policy. The DoD classifies resources into four different levels. In ascending order from least sensitive to most sensitive are the following: Unclassified, Confidential, Secret, and Top Secret.
Going by the Bell-LaPadula model, a subject with any level of clearance can access resources at or below its clearance level. However, only those resources that a person needs access to are made available.
For example, an individual cleared for the Secret level only has access documents labeled Secret. With these restrictions, the Bell-LaPadula model preserves the confidentiality of objects.
It does not acknowledge integrity or availability of objects. The Bell-LaPadula model is based on the state machine model. It also implements mandatory access controls and the lattice model.
The lattice tiers are the classification levels used by the security policy of the organization. Register For Free Now! Already a Member Login Here.
The Simple Security Property SS Property states that a subject at as specific classification level cannot read data with a higher classification level. A subject can be a person, a program, or a process.
Objects: An object is a passive entity, such as a file or a storage resource. In some cases, an item can be a subject in one context and an object in another.
The Bell-LaPadula does not deal with integrity or availability, access control management, and file sharing.
Information Security Models
It also does not impede covert channels, a mechanism that allows data to be communicated outside of normal, expected, or detectable methods.
Already a member?
Information Security Models. Information Security Models:. In this model, secure states are delimited by two rules called propertie s:.
Information Security Policies - Development
Show Answer. Only members can view the answer to this question.
New Citation Alert!
Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.
Student Support Get Support. Cybrary 0P3N Frosty Orange. Frosty Orange. Did You Know? Cybrary has tons of FREE training resources! No thanks.
We recommend always using caution when following any link Are you sure you want to continue?