Information security models

Computer security is based on the role of the various entities within a system and their confidentiality, integrity, and availability (CIA) requirements. Information security models describe how the CIA requirements are enforced for computing systems and data.

Take-grant model

This computer security model is also called the take-grant protection model. It specifies how one entity obtains (takes) rights from another entity and how one entity transfers (grants) its rights to another. Two kinds of entities are defined in this model: subjects and objects. In simple terms, the model represents the system as a directed graph whose edges are rights, and shows how rights can be transferred along that graph.

There are four rules in this model; they are as follows:

  • Take rule: The subject takes rights of another subject
  • Grant rule: The subject grants rights to another subject
  • Create rule: The subject creates new nodes
  • Remove rule: The subject removes its rights over an object

Bell-LaPadula model

This is a data-confidentiality model developed by David Elliott Bell and Leonard J. LaPadula. Since its focus is confidentiality, the model prescribes access controls for classified or confidential information. It specifies three security properties: the first two relate to Mandatory Access Control (MAC) and the last to Discretionary Access Control (DAC):

  • The Simple Security property states that a subject, at a given security level, may not read an object at a higher security level (no read-up)
  • The *-property (star-property) states that a subject, at a given security level, must not write to any object at a lower security level (no write-down)
  • The Discretionary Security property uses an access matrix to specify the discretionary access control

A simple way to remember this model is: no read up and no write down.

Biba model

This model focuses on data integrity. This model was developed by Kenneth J. Biba.

This model states the following two rules:

  • The Simple Integrity axiom states that a subject, at a given level of integrity, may not read an object at a lower integrity level (no read down)
  • The * (star) Integrity axiom states that a subject, at a given level of integrity, must not write to any object at a higher level of integrity (no write up)

A simple way to remember this model is: no read down and no write up.
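The Bell-LaPadula and Biba rules above are exact duals of each other, which is easiest to see in code. The following is an added example, not part of the original text: it encodes both models as access-check functions over a constructed three-level linear ordering (real multi-level systems also use categories and a dominance relation, which this simplification omits) and shows that enforcing both models at once restricts a subject to objects at its own level.

```python
from enum import IntEnum


class Level(IntEnum):
    # Constructed linear ordering; the same ladder is reused for confidentiality
    # (Bell-LaPadula) and for integrity (Biba). Real MLS systems add categories
    # and a dominance relation, which this example omits.
    LOW = 0
    MEDIUM = 1
    HIGH = 2


def blp_allows(subject: Level, obj: Level, op: str) -> bool:
    """Bell-LaPadula confidentiality rules: no read up, no write down."""
    if op == "read":
        return subject >= obj   # Simple Security property: subject level must be >= object level
    if op == "write":
        return subject <= obj   # *-property: writing only to the same or a higher level
    raise ValueError(f"unknown operation: {op!r}")


def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Biba integrity rules: no read down, no write up (the dual of Bell-LaPadula)."""
    if op == "read":
        return subject <= obj   # Simple Integrity axiom: object integrity must be >= subject integrity
    if op == "write":
        return subject >= obj   # * Integrity axiom: writing only to the same or a lower level
    raise ValueError(f"unknown operation: {op!r}")


def both_allow(subject: Level, obj: Level, op: str) -> bool:
    """Enforce both models together; this only permits access between equal levels."""
    return blp_allows(subject, obj, op) and biba_allows(subject, obj, op)


def audit(requests, policy):
    """Evaluate constructed (subject, object, op) requests under a policy function.

    Returns a list of (subject_name, object_name, op, allowed) tuples.
    """
    return [(s.name, o.name, op, policy(s, o, op)) for s, o, op in requests]


if __name__ == "__main__":
    # Constructed sample: every read/write a MEDIUM-level subject could attempt.
    sample = [(Level.MEDIUM, o, op) for o in Level for op in ("read", "write")]
    for name, policy in (("Bell-LaPadula", blp_allows), ("Biba", biba_allows), ("both", both_allow)):
        print(name)
        for s, o, op, ok in audit(sample, policy):
            print(f"  {s} {op:5} {o:6} -> {'allow' if ok else 'deny'}")
```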

Clark-Wilson model

This is an integrity model that was developed by David D. Clark and David R. Wilson. This model aims to address multi-level security requirements in computing systems.
