Security Models
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Video Transcription
00:00
>> Hi, and welcome to Module 3.
00:00
In this module, we're going to be
00:00
discussing security models.
00:00
Now, this would be the final module in the course,
00:00
and we're going to talk about a couple
00:00
of the common security models
00:00
and then talk about how they apply
00:00
to some of the things that we've learned so far.
00:00
When we talk about security models,
00:00
it's just like the OSI model
00:00
in the networking section that you learned.
00:00
It's just this conceptual model.
00:00
A networking OSI model is
00:00
this conceptual model that
00:00
helps you think about how networks work.
00:00
It's not necessarily something that's physical,
00:00
that you can plug in,
00:00
it's just a conceptual thought process.
00:00
Security models are the same way.
00:00
Security models help you think and
00:00
conceptualize how to apply security in the environment.
00:00
Now the actual models are enforced
00:00
through security policy.
00:00
When we talked about access control policies
00:00
and acceptable use policies and those things,
00:00
that's how we actually apply
00:00
the models in the environment that's
00:00
how we enforced them.
00:00
Now there's a couple of main models
00:00
, there's several models.
00:00
We're going to take a look at a couple of the main ones.
00:00
The first one we'll talk about is
00:00
called the Bell LaPadula model.
00:00
The Bell LaPadula model is a confidentiality model,
00:00
it does not address data integrity.
00:00
This model talks all about how to make sure
00:00
that only those who should access data can access it.
00:00
We want to keep the data confidential.
00:00
We're not worried right now
00:00
about making sure data is accurate,
00:00
that's going to come later in a different model,
00:00
we just want to make sure it remains confidential.
00:00
In this model, every object must be labeled,
00:00
so every one of our data elements
00:00
has to have some classification.
00:00
Remember when we talked about top-secret secret,
00:00
and unclassified all those
00:00
different data classifications,
00:00
and this model, every object has to have a label,
00:00
and every subject which is an end-user
00:00
accessing the data or a service as accessing the data,
00:00
every subject must have
00:00
some clearance level so we can map the two together.
00:00
A good way to remember this model is if
00:00
you just remember no read up,
00:00
no write down that describes this model.
00:00
Let's take a look at how that works.
00:00
Before we do that, this is also a discretionary model,
00:00
which means it can be implemented in
00:00
a few different ways as long as you don't break those,
00:00
no read up no write-down basic rules.
00:00
We'll take a look at it. Let's say in this example,
00:00
we've got somebody on the left side of
00:00
the screen with a secret clearance
00:00
and that person is accessing
00:00
three different pieces of data.
00:00
One is top-secret, one is secret,
00:00
one is unclassified because we've got data labels.
00:00
Now if that person with a secret clearance
00:00
is trying to write
00:00
data to a top-secret location or to a secret location,
00:00
they're going to be allowed to
00:00
because with the Bell LaPadula model,
00:00
you're allowed to write to your level or above,
00:00
so it's no write-down.
00:00
No read up, but no write-down,
00:00
and that's why the secret clearance is not allowed to
00:00
write data to an unclassified data location.
00:00
Now the reason for this is
00:00
because we don't want someone with
00:00
a secret clearance who has access to secret data,
00:00
accidentally writing some of
00:00
that data to an unclassified location,
00:00
so there's the no write-down, concept.
00:00
With reading, it's the opposite,
00:00
there's no read up.
00:00
In this case, our secret clearance,
00:00
you cannot read top-secret data because you don't
00:00
have access rights to it,
00:00
you're not supposed to be able to see top-secret data,
00:00
but you can see secret data and unclassified data.
00:00
Now, in the Bell LaPadula model,
00:00
there's a property that we can
00:00
implement called the strong property.
00:00
This is why I said it's a discretionary model,
00:00
it does not have to be implemented this way as long
00:00
as those basic rules are met.
00:00
But in the strong property,
00:00
if you implement the Bell LaPadula model
00:00
with a strong property,
00:00
you're essentially implementing it in
00:00
such a way that a subject of
00:00
a certain clearance can only read or
00:00
write from an object of the same level of clearance,
00:00
and that way, you never run into
00:00
the problem of somebody reading something
00:00
that's too high of a clearance for
00:00
them are too high of access for them or
00:00
accidentally writing something to
00:00
a lower level database or something like that.
00:00
It's more difficult to
00:00
implement something with a strong property,
00:00
but there are certain situations where it's necessary.
00:00
Now, the Biba model is an integrity model.
00:00
Now, this one does not deal with confidentiality,
00:00
like to Bell LaPadula model,
00:00
and this one we simply care about
00:00
the accuracy of the data or the integrity of the data.
00:00
In this model, it's the opposite
00:00
of the Bell LaPadula model.
00:00
In the Biba model,
00:00
we say no right-up, no read down,
00:00
which is the opposite of Bell LaPadula.
00:00
Now, what does that look like?
00:00
Let's say we have three data sources
00:00
here and these three data sources,
00:00
there was a high, medium, and low integrity source.
00:00
What we mean by that is
00:00
our high integrity source is a data source where
00:00
we're as close to certain as we can
00:00
be that the data in that source is accurate.
00:00
The medium is like, okay, some of it's accurate,
00:00
some of it's not, and the low integrity is now,
00:00
maybe we got some stuff that's accurate,
00:00
but there's a lot of other garbage
00:00
or inaccurate stuff with it.
00:00
In these three sources,
00:00
let's say we want to copy data from
00:00
these three sources into a medium-level integrity source.
00:00
Or we're allowed to do that from
00:00
the higher source or from the medium source,
00:00
but not from the low.
00:00
The reason for this is because we don't
00:00
want to contaminate what we consider
00:00
to be a medium integrity source with low integrity data,
00:00
we don't want to make that medium source
00:00
have a less of an integrity marking than it already does.
00:00
But we can certainly copy it from the same
00:00
or higher level of integrity source because we're
00:00
only strengthening our certainty
00:00
that that data is accurate.
00:00
When we're talking about writing data from
00:00
the medium source going
00:00
the other direction, it's the opposite.
00:00
We can't write from that
00:00
medium source into what we consider
00:00
a high integrity source because we don't want
00:00
to contaminate the higher integrity source,
00:00
but we can write it to the same level or below.
00:00
Now, how does that look in a practical example?
00:00
I'm just going to give you one example,
00:00
there's many different ways we can apply these things,
00:00
but here's one example just to help you visualize it.
00:00
Let's say we've got someone with a secret clearance
00:00
and that person wants to access our CMDB,
00:00
our configuration management database.
00:00
Now, this is a database that is
00:00
our primary source of
00:00
record for all of our assets in the environment.
00:00
We consider this database to be as
00:00
accurate as possible and it is our source of truth,
00:00
so it's a high integrity source.
00:00
Someone with a secret clearance,
00:00
when they're accessing that source, the first thing,
00:00
we don't care if it's high integrity or low integrity
00:00
when we apply the Bell LaPadula model to this,
00:00
we're saying, well, what level of
00:00
access should that person have?
00:00
In this case, in the CMDB there's
00:00
asset information on
00:00
top-secret secret and unclassified assets
00:00
within the environment.
00:00
If the person with the secret clearance tries to access
00:00
asset information about this
00:00
top-secret asset within that database,
00:00
they won't be allowed to access it because they would be
00:00
reading down and gaining
00:00
access to something that they're not allowed to.
00:00
That's an example of Bell LaPadula.
00:00
Now, in this same example,
00:00
we can also apply the Biba model.
00:00
Now the Biba model,
00:00
we can talk about how does that CMDB,
00:00
or what we consider that high fidelity,
00:00
high integrity source,
00:00
how does it populate itself?
00:00
Where does it get its data from?
00:00
Maybe we've got a bunch of different
00:00
back-end data store,
00:00
let's say we've got Active Directory and in our case,
00:00
we consider Active Directory to
00:00
be a high fidelity source,
00:00
may not be in all cases,
00:00
but in this fictitious example,
00:00
we're saying is high fidelity.
00:00
We really trust that data,
00:00
anti-virus, some of it's accurate, some of it's not,
00:00
and then the spreadsheet on some managers
00:00
desktop and maybe there's some good stuff in there,
00:00
but a lot of it's not good.
00:00
The CMDB itself, when it populates its own database,
00:00
it's allowed to pull from
00:00
Active Directory because the CMDB is
00:00
a high-fidelity source which can
00:00
pull from another high fidelity source,
00:00
but it cannot pull data in from
00:00
lower fidelity or lower integrity sources.
00:00
It is an example of how you can
00:00
apply both the Bell LaPadula and
00:00
the Biba models in the same situation.
00:00
That wraps up our section on security models.
00:00
Let's take a quick quiz
00:00
to see what you learned in that section.
00:00
A couple of questions. Question 1,
00:00
which security model deals with data integrity?
00:00
Is it Bell LaPadula, Berringer,
00:00
Biba or Super Model? Answer is Biba.
00:00
Remember, Biba is the integrity model,
00:00
Bell LaPadula we're concerned only with confidentiality.
00:00
Next question, which of the following is
00:00
a characteristic of the Bell LaPadula model?
00:00
Is it no right up, no read up,
00:00
no right ever,
00:00
or no read down?
00:00
The answer is B, no read up.
00:00
Remember Bell LaPadula,
00:00
we're talking about confidentiality,
00:00
we don't want someone with
00:00
a certain clearance reading information
00:00
from a source that's
00:00
a higher classification than
00:00
what they should have access to.
00:00
That wraps up Module 3 and that takes us to the end of
00:00
our course on infrastructure security.
00:00
I hope you enjoyed learning it
00:00
as much as I enjoyed teaching it,
00:00
and I hope you'll see you again soon. Thank you.
Instructed By
Similar Content
