Network Architecture Models

Difficulty
Beginner
Video Transcription
00:03
Everyone. My name is Peter Simple on and this is the Network Security course. This is going to be Module 4, Lesson 2.
00:14
Prerequisites for this lesson are modules one, two and three and the first lesson from module four. In the last lesson, we took a look at network topologies and segmentation and isolation, network design principles
00:33
and controls.
00:36
In this lesson, we're going to learn about security models and how they enforce confidentiality and integrity.
00:45
The first model we're going to look at is the Bell-LaPadula model. This model focuses on confidentiality only.
00:54
This model focuses on the relationship between objects, subjects and authentication levels, so each object in the Bell-LaPadula model gets a label. The label is one of top secret, secret, confidential or unclassified.
01:11
The user also gets a label. They could be confidential, secret or top secret. And the way this works is
01:21
the person, whatever their level was, can only access things that are at the same level as them and below.
01:30
There are two properties with this model.
01:36
First is no read up, so that means the person cannot read anything that has a higher sensitivity level than what they have. They can only read things that have the same sensitivity level or a lower sensitivity level.
01:53
The second property is no write down. They cannot modify or save any data objects that have a lower sensitivity level than them.
02:06
So let's walk through the example here really quick. So we have John from the FBI and he has been given secret clearance.
02:14
File A is labeled
02:15
top secret.
02:17
John cannot look at File A because of the no read up. Top secret has a higher sensitivity level than secret, so therefore he cannot read it.
02:28
File B is labeled confidential.
02:30
John can read File B, but he can't write to it because there is no write down.
02:37
File C is labeled secret.
02:39
John can read File C, but he cannot write to it. He cannot write to it because you can't write down to any files that have the same security clearance level as you.
02:54
The second security model we're gonna look at today is the Biba integrity model. This model is similar to the Bell-LaPadula model, but it focuses on integrity rather than confidentiality. Like the Bell-LaPadula model, this model also has objects with
03:12
labels, security labels.
03:15
It has users who have certain clearances,
03:17
and it also has two properties.
03:22
The first property is no read down.
03:24
The person cannot read an object that has a property sensitivity level that is equal to or below what they have.
03:36
The second property is no write up. That means a person cannot modify any object that has a higher or equal sensitivity level than them.
03:47
Let's go through another example. So we have John from the FBI again, who also has secret clearance.
03:53
File A is labeled confidential.
03:57
John cannot read File A because you are not allowed to read down.
04:01
File B is labeled top secret.
04:04
John can see it, but he can't modify it because of no write up.
04:09
File C is labeled secret. John can't read it but can write to it because of no read down.
04:16
The last network security model is also another integrity model, and this is known as the Clark-Wilson model.
04:24
This model focuses on the relationship between objects, users and authenticated programs, so the user here on the left has plenty of access to unconstrained data items. But to access a constrained data item,
04:42
they have to go through what's known as TPs, or transformation procedures.
04:47
These transformation procedures are programs, specially authenticated programs, which can access constrained data items and be sure that they are not changed in any way.
05:00
Every once in a while, there are IVPs, integrity verification procedures, which make sure that constrained data items have not been altered before, during or after a transaction or access by a transformation procedure.
05:20
In today's video, we discussed network security models for confidentiality and integrity.
05:29
Quiz time.
05:30
John of the FBI creates a file on his computer and inside, he puts secret information on a dangerous criminal.
05:36
John needs to give access to others to this file, but he only wants people to see it if they have the same security clearance that he does or higher security clearance. Which security model should John use? A, the Biba model.
05:51
B, the Clark-Wilson model. C, the Bell-LaPadula model. Or D, the Brewer-Nash model.
06:00
If you said C, the Bell-LaPadula model, then you are correct. Remember, the Bell-LaPadula model has two properties: no read up and no write down.
06:10
I hope you guys learned a lot in this lesson, and I'll see you next time.