Information Security Models

Begin Learning Cyber Security for FREE Now!

Already a Member Login Here

Information Security Models: 

Information security models are methods used to authenticate security policies as they are intended to provide a precise set of rules that a computer can follow to implement the fundamental security concepts, processes, and procedures contained in a security policy. These models can be abstract or intuitive.

State Machine Model: The state machine model refers to a system that is always in secure mode regardless of the operational state it is in. According to the state machine model, a state is a snapshot of a system at a specific moment in time. The state machine model derives from the computer science definition of a finite state machine (FSM), integrating an external input with an internal machine state to model all types of systems, including parsers, decoders, and interpreters. Given an input and a state, an FSM transitions to another state and may create an output. A transition takes place when accepting input or producing output and always results in a new state. All state transitions must be examined and if all components of the state meet the requirements of the security policy, then the state is considered secure. When each state transitions to another secure state, the system is rendered as a secure state machine. Many other security models are influenced by the secure state concept.

Bell-LaPadula Model: The Bell-LaPadula Model was developed to formalize the U.S. Department of Defense (DoD) multi-level security policy. The DoD classifies resources into four different levels.

In ascending order from least sensitive to most sensitive are the following: Unclassified, Confidential, Secret, and Top Secret. Going by the Bell-LaPadula model, a subject with any level of clearance can access resources at or below its clearance level. However, only those resources that a person needs access to are made available. For example, an individual cleared for the Secret level only has access documents labeled Secret. With these restrictions, the Bell-LaPadula model preserves the confidentiality of objects. It does not acknowledge integrity or availability of objects.

The Bell-LaPadula model is based on the state machine model. It also implements mandatory access controls and the lattice model. The lattice tiers are the classification levels used by the security policy of the organization.

In this model, secure states are delimited by two rules called properties:

View Topics

Our Revolution

We believe Cyber Security training should accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

We recommend always using caution when following any link

Are you sure you want to continue?