Security models Flashcards
Trusted Computing Base (TCB)
The hardware, software and controls that work together to enforce a system's security policies.
Reference Monitor
The part of the TCB that mediates and verifies every access between subjects and objects.
State Machine Model
A system that is always secure regardless of which state it is in: every state transition must lead to another secure state.
Information Flow Model
Based on controlling the flow of information between different security levels.
Noninterference model
Concerned with preventing subjects at a higher security level from interfering with subjects at a lower level.
Take-grant model
Controls how rights can be passed from one subject to another, or from a subject to an object. Uses a directed graph to visualize this.
Includes the following rights:
Take
Grant
Create
Delete
Access control matrix
A table of subjects and objects showing what each subject can do to each object. Each column is the access control list for a given object. Each row is a subject.
Bell-LaPadula Model
Designed to support DoD multi-level security policies. Focused only on confidentiality. It is lattice based, built on the state machine model, and a form of mandatory access control.
Simple Security Property: No read up.
Star Property: No write down.
Biba model
Focused on integrity rather than confidentiality. A multilevel model built on the information flow model. The opposite of the Bell-LaPadula Model.
Simple Security Property: No read down.
Star Property: No write up.
Clark-Wilson Model
Uses a security triple: subject/program/object. It enforces segregation of duties and is commonly used in commercial applications. Mostly focused on data integrity, but it can also cover confidentiality. Uses the following items:
Constrained data items (CDI)
Unconstrained data items (UDI)
Integrity verification procedure (IVP)
Transformation procedure (TP)
Brewer–Nash Model
Used with databases. Dynamically changes a subject's access based on its previous actions.
Goguen–Meseguer Model
An integrity model and the basis for noninterference models. Based on creating a domain, a set of objects that a subject can access. Similar subjects are grouped together into domains, and domains cannot interfere with each other.
Sutherland Model
An integrity model that uses noninterference to enforce integrity. It defines sets of secure system states.
Graham–Denning Model
Focuses on the secure creation of subjects and objects using 8 protection rules: securely create and delete subjects and objects, and securely provide read, grant, delete and transfer rights.
Harrison–Ruzzo–Ullman Model
Focuses on the assignment of object access rights to subjects, as well as the resilience of those assigned rights. It is an extension of the Graham–Denning model.