Security Models

--Originally published at TC2027 – Titel der Website

Hello guys,

In this post I am going to blog about some security models.

Security models are commonly used to determine how security will be implemented, which subjects can access the system, and which objects they will have access to. The models are a way to formalize security policy.

Security models of control are typically implemented by enforcing integrity, confidentiality, or other controls.

Figure 5.5: How security models are used in the design of an OS.

(The first three models discussed are considered lower-level models.)

 

State Machine Model

The state machine model is based on a finite state model.

Figure 5.6: Finite state model.

What is it used for?

  • model complex systems
  • deal with acceptors
  • deal with recognizers
  • deal with state variables
  • transaction functions

The state machine defines the behavior of a finite number of states, the transitions between the states and actions which can occur.

 

Information Flow Model

The information flow model is an extension of the state machine concept.

The information flow model serves as the basis of design for both the Biba and the Bell-LaPadula models. Objects, transitions, and lattice states are all part of the information flow model.

The goal of the information flow model is to prevent unauthorized and insecure information flow.

 

Bell-LaPadula

The Bell-LaPadula state machine model enforces confidentiality. It uses mandatory access control to enforce the DoD multilevel security policy.

To access information, the user has to exceed the information's classification level.

Properties of the Bell-LaPadula model:

  • Simple security property (ss property)—This property states that a subject at one level of confidentiality is not allowed to read information at a higher level of confidentiality. This is sometimes referred to as “no read up.”
  • Star * security property—This property states that a subject at one level of confidentiality is
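
The Python below is an added example, not part of the original post: it models a system as a state machine whose transition function only enters states that satisfy the simple security property ("no read up"). The level ordering and the subject and object names are constructed for the example, and it covers only the property stated in full above.

```python
from dataclasses import dataclass, field

# Constructed sample ordering of confidentiality levels (assumption).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

@dataclass
class State:
    """One state of the machine: the labels plus the read accesses now held."""
    clearance: dict        # subject -> level name
    classification: dict   # object -> level name
    reads: set = field(default_factory=set)  # (subject, object) pairs

def ss_violations(state):
    """Read accesses in this state that break the simple security property."""
    return {(s, o) for (s, o) in state.reads
            if LEVELS[state.clearance[s]] < LEVELS[state.classification[o]]}

def transition(state, op, subject, obj):
    """Transition function: (next_state, True), or (old_state, False) if refused."""
    reads = set(state.reads)
    if op == "read":
        reads.add((subject, obj))
    elif op == "release":
        reads.discard((subject, obj))
    else:
        raise ValueError(f"unknown operation: {op}")
    candidate = State(state.clearance, state.classification, reads)
    # Move only if the candidate is still a secure state (no read up anywhere).
    return (state, False) if ss_violations(candidate) else (candidate, True)

def run(state, requests):
    """Apply requests in order; return the final state and the denied requests."""
    denied = []
    for req in requests:
        state, ok = transition(state, *req)
        if not ok:
            denied.append(req)
    return state, denied

# Constructed sample input (names and labels are made up for this example).
START = State(clearance={"alice": "secret", "bob": "confidential"},
              classification={"plan.txt": "secret", "memo.txt": "unclassified"})
REQUESTS = [("read", "alice", "plan.txt"), ("read", "bob", "plan.txt"),
            ("read", "bob", "memo.txt"), ("release", "alice", "plan.txt")]

if __name__ == "__main__":
    final, denied = run(START, REQUESTS)
    print("held reads:", sorted(final.reads))
    print("denied:", denied)
```

Because every transition is checked before it is taken, a system that starts in a secure state can never reach an insecure one, which is the argument the state machine model is used to make.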