--Originally published at Computer and Information Security
Howdy once again reader! Today’s topic is about some basic architecure models to give security in a system.
Security models of control are used to determine how security will be implemented, what subjects can access the system, and what objects they will have access to. Simply stated, they are a way to formalize security policy. Security models of control are typically implemented by enforcing integrity, confidentiality, or other controls. Keep in mind that each of these models lays out broad guidelines and is not specific in nature. It is up to the developer to decide how these models will be used and integrated into specific designs.
The most frequented or used are:
A lattice is a mathematical construction with:
- a set of elements
- a partial ordering relation
- the property that any two elements must have unique least upper bound and greatest lower bound
A security lattice model combines multilevel and multilateral security.
Lattice elements are security labels that consist of a security level and set of categories
In state machine model, the state of a machine is captured in order to verify the security of a system.
The model is used to describe the behavior of a system to different inputs. It provides mathematical constructs that represents sets (subjects, objects) and sequences. When an object accepts an input , this modifies a state variable thus transiting to a different state.
- The developer must define what and where the state variables are.
- The developer must define a secure state for each state variable.
- Define and identify the allowable state transition functions.
- The state transition function should be tested to verify that the overall m/c state will not compromise and the integrity of the system is maintained.
The model ensures that any actions that take place