Hi. Welcome to Module Three
and this module. We're going to be discussing security models now. This will be the final module in the course, and we're gonna talk about a couple of the common security models and then talk about how they apply to some of the things that we've learned so far.
And when we talk about security models, it's just like the OS I model in the networking section that you learned. It's just this conceptual model in the, you know, networking OS I model is this conceptual model that helps you think about how networks work. It's not necessarily something that's that's
physical that you can you can plug in. It's just a conceptual thought process.
Security models of the same way security models help you think and conceptualize how to apply security in the environment.
Now the actual models are enforced through security policy, so we talked about access control policies and acceptable use policies and those things. That's how we actually apply the models in the environment. That's how we have enforced them.
Now there's a couple of Maine models. There's a several models. We're gonna take a look at a couple of the main ones. The first we'll talk about is called the Bella Padilla model. Now, the Bella Padilla model is a confidentiality model. It does not address data integrity. So this model talks all about how to make sure that
those Onley those who should access data can access it. We want to keep the data confidential.
We're not worried right now about making sure that the data is accurate. That's gonna come later in a different model. We just want to make sure it remains confidential.
In this model, every object must be labeled. So everyone of our data elements has to have some sort of classifications. Remember when we talked about top secret secret, you know, and unclassified all those different data classifications and this model, every object has to have a label
and every subject which is an in user accessing the data or a service as accessing the data.
Every subject must have some sort of clearance level so we can map the two together.
A good way to remember this model is if you just remember no read up. No right down. That describes this model. Let's take a look at how that works
before we do that. This is also a discretionary model, which means it can be implemented in a few different ways. As long as you don't break those no read up, no right down basic rules. We'll take a look at it.
So let's say in this example, we've got somebody on the left side of the screen with a secret clearance and that persons accessing
three different pieces of data once top secret, one secret ones unclassified because we've got data labels. Now, if that person with the secret clearance is trying to write data to a top secret location or to a secret location, they're going to be allowed to, because the with the with the Bella Padilla model, you're allowed to write to your level
So it's no right doubt no read up, but no right down. And that's why the secret clearance is not allowed to write data to an unclassified data location. Now the reason for this is because we don't want someone with a secret clearance to Hack has access to secret data, accidentally writing some of that data to an unclassified location. So there's the
no right down concept
with reading. It's the opposite. There's no read up. So in this case, our secret clearance. You cannot read top secret data because you don't have that. You don't have access rights to it. You're not supposed to be able to see top secret data, but you can see secret data and unclassified data.
Now in the Bella Padilla model, there's ah, property that we can implement called the strong Property. And this is why I said it's a discretionary model. It does not have to be implemented this way as long as those basic rules are met. But in the strong property. If you implement the bill to do a lot of with a strong property, you're essentially implementing it in such a way that
a subject of a certain clearance
can on Leigh read or write from an object of the same level of clearance. And that way, you you never run into the problem of somebody reading something that's too high. Clearance for them are too high of access for them are actually writing something to a lower level database or something like that.
It's more difficult to implement something with the strong property, but there's certain situations where it's necessary
now the Bible model is an integrity model. Now this one does not deal with confidentiality like develop a doula model and this one we simply care about the accuracy of the data or the integrity of the data
and this model. It's the APP. It's the opposite of the bill of a doula model. So in the Bible model, we do we say no right down. I'm sorry. No right up. No read down, which is the opposite of Bella Padilla.
What does that look like? So let's say we have three data sources here and in these three data sources that there's a high medium and low integrity source on what we mean by that is our high integrity. Source is a source, a data source where we're as close to certain as we can be that the data in that source is accurate.
The medium is like OK, some of its accurate, some of it's not. And the low integrity is, well, maybe we got some stuff that's accurate, but there's a lot of other garbage or inaccurate stuff with it.
So in these three sources, if we want to say, let's say we want to copy data from these three sources into a medium level integrity source. Well, we're allowed to do that from the higher source or from the medium source, but not from the low. And the reason for this is because we don't want to contaminate what we consider to be a medium integrity source
with low integrity data. We don't want to make that medium source
less have a less oven integrity marking than it already does. But we can certainly copy it from the same or higher level of integrity source because we're only strengthening our. Our certainty that that data is is accurate.
When we're talking about writing data from the medium source going the other direction, it's the opposite. We can't write from that medium source into what we consider a high integrity source because we don't want to contaminate the higher integrity source, but we can write it to the same level or below.
How does that look? In a practical example, right? I'm just gonna give you one example. There is many, many, many different ways we can apply these things, but here's one example just to help you visualize it. Let's say we've got someone with a secret clearance, and that person wants to access our See MDBR configuration management database.
Now this is a database that is our primary source of record for all of our assets in the environment. We consider this database to be
as accurate as possible. It is our source of truth. So it's a high integrity source,
someone with a secret clearance when they're accessing that source. The first thing we don't care if it's high integrity or low integrity. When we apply the bill of a doula model to this, we're saying, Well, what level of access should that person have?
And in this case, in the sea mdb. There's there's acid information on top secret, secret and unclassified assets when then within the environment. So if the person with secret clearance tries to access asset information about this top secret asset within that database, they won't be allowed to access it because
they would be reading down and gaining access to something that they're not allowed to.
That's an example of Bella Padilla.
Now, in this same example, we can also apply the the bib, a model now the Bible model we can talk about. How does that C M D B or what we consider that high fidelity high integrity source. How does it populate itself? Where does it get its data from?
Maybe we've got a bunch of different back end data stores. Let's say we've got active directory and in our case, we consider active directory to be,
ah, High Fidelity source may not be in all cases, but in this fictitious example, we're saying it's high fidelity.
We really trust that data anti virus, some of its accurate. So it's not. And then the spreadsheet on some managers desktop. And maybe there's some good stuff in there, but a lot of it's not good. So the CME DB itself when it populates its own database. It's allowed to pull from active directory because the C M. D. B is ah, high Fidelity source, which can pull from another high Fidelity source.
But it cannot pull data in from lower
Fidelity or lower integrity sources. And that's example. That's is an example of how you can apply both the Bella Padilla and the B, but the Bible models in the same situation.
Okay, that wraps up our section on security models. Let's take a quick quiz to see what you learn in that section. A couple of questions.
Question one. Which security model deals with data integrity? Is it Bella Padilla, Barrenger, Bemba or supermodel
answers Bib? Remember, Biber is the integrity model Bella Padilla were considered on were concerned only with confidentiality.
Next question. Which of the following is a characteristic of the Bella Padilla model, is it? No. Right up. No Read up. No right. Ever or no. Read down.
The answer is B. No read up. Remember Bella Padilla? We're talking about confidentiality. We don't want someone with a certain clearance reading information from a source that that's a higher classifications on what they should have access to.
Okay, that wraps up module three. And that takes us to the end of our course on infrastructure security. I hope you enjoyed learning it as much as I enjoyed teaching it. I hope you see you again soon. Thank you.