Security Models

Question 1

Bell La Padula

Answer 1

Mandatory Access Control
Focused on Confidentiality
TCSEC B1

Question 2

Bell La Padula - Simple Security

Answer 2

Cannot Read Up

Question 3

Bell La Padula - *Security

Answer 3

No Write down

Question 4

Bell La Padula - Strong*

Answer 4

Only access data at own level (no read/write up or down)

Question 5

BIBA

Answer 5

Mandatory Access Control

Focused on Integrity

Question 6

BIBA Simple Integrity

Answer 6

No Read Down

Question 7

BIBA *Integrity

Answer 7

No Write Up

Question 8

BIBA Invocation

Answer 8

No read or write up

Question 9

Lattice Based Access Control (LBAC)

Answer 9

MAC

subject can have multiple access

Question 10

Graham Denning Model

Answer 10

Uses Objects, subjects and rules

focused on relationship between subjects and objects

Question 11

Clark Wilson

Answer 11

Integrity Model

Focus on seperation of duties and Well formed transactions (one consistent state to another consistent state)

Question 12

Brewer Nash

Answer 12

Chinese wall or Info Barriers
provide controls that mitigate conflict of interest
no info flow that could create conflict of interest

Question 13

Take-Grant

Answer 13

Uses rules that govern interaction between subjects and objects

• Take - take rights of another object
• grant - grant own rights to an object
• create - create new rights
• remove - remove rights it has

Question 14

Lipner Model

Answer 14

Bell La Padula + BIBA

Question 15

Non interference model

Answer 15

Actions taken place at higher level does not affect lower levels. Any change at higher level will not be noticed

Question 16

Zachman framework

Answer 16

Maps a matrix of Who, what where, when, how and why

Map to - planner, owner, designer, builder, programmer, user

Question 17

TCSEC

Answer 17

Orange Book - Trusted Computer Security Evaluation Criteria

A- MAC; Formal, verified protection
B3 - MAC; Security domain (trusted recovery, Monitor event and notification
B2 - MAC; Structured protection (trusted path, covert channel analysis). Separate operator/admin roles. Configuration management
B1 - MAC; (security labels) based on Bell LaPadula security model. Labeled security (process isolation, devices
C2 - DAC; Controlled access protection (object reuse, protect audit trail).
C1 - DAC; (identification, authentication, resource protection).
D- minimal protection, any systems that fails higher levels

Question 18

ITSEC

Answer 18

First international security model
based on TCSEC 
1 = D
2= C1
3 = C2
4 = B1
5 = B2
6 = B1
7 = A