Security Modeling for Reliability and Resilience

What are Security Models

Information systems use security models, which are a list of operations for evaluating and authenticating security policies. They help map policy goals to information systems by specifying the explicit data structures and techniques needed to implement the security policy.

A security model can be represented in mathematical form as well as analytical ideas. These are mapped into system specifications which are then developed via programming.

A variety of security models are suggested for the enforcement of security policies. 

Bell-LaPadula Model

The Bell-LaPadula model is suitable for multilevel security systems. In such systems, users with various approvals use the system, and data is processed at various classification levels. The first mathematical model, Bell-LaPadula was proposed in the 1970s to stop unauthorized access to classified information.

Three core rules are used for the Bell-LaPadula model.

Simple Security Rule

According to this rule, a subject belonging to a particular security level cannot read data contained in a higher security level.

Star Property Rule

Under this rule, a subject belonging to a particular security level is prevented from writing information at a lower security level.

Strong Star Property Rule

This rule asserts that object classification and subject approval should be equal for the subject to write to and read an object.

Biba Model

The Biba model is a type of security model which examines the integrity of data contained in the system. It does not deal with confidentiality and security levels. The Biba model uses the integrity level to stop data belonging to a given integrity level from going towards higher integrity levels.

Biba uses three key rules to allow this sort of protection.

The Star Integrity Axiom

The subject is not able to write data to an object that is at a higher integrity level.

The Simple Integrity Axiom

The subject is not able to read data coming from a lower level of integrity.

The Invocation Property

The subject is not capable of invoking a service at a higher level of integrity.
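The Bell-LaPadula and Biba rules above can be written as comparisons on an ordered set of levels, which makes it visible that Biba is the mirror image of Bell-LaPadula. The following is an added example, not code from the original article; the three-level `Level` ordering and the function names are assumptions made for illustration.

```python
from enum import IntEnum

class Level(IntEnum):
    """Constructed ordering, reused as classification (BLP) and integrity (Biba)."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3

def blp_allows(subject, obj, op, strong_star=False):
    """Bell-LaPadula: protects confidentiality."""
    if op not in ("read", "write"):
        raise ValueError(f"unsupported operation: {op}")
    if strong_star:
        # Strong Star Property Rule: read and write only at the subject's own level.
        return subject == obj
    if op == "read":
        # Simple Security Rule: no reading from a higher level.
        return obj <= subject
    # Star Property Rule: no writing to a lower level.
    return obj >= subject

def biba_allows(subject, obj, op):
    """Biba: protects integrity, so every comparison is reversed."""
    if op == "read":
        # Simple Integrity Axiom: no reading from a lower integrity level.
        return obj >= subject
    if op in ("write", "invoke"):
        # Star Integrity Axiom / Invocation Property: no writing to, or
        # invoking a service at, a higher integrity level.
        return obj <= subject
    raise ValueError(f"unsupported operation: {op}")

def decisions(check, subject, ops):
    """For each object level, the set of operations the subject is granted."""
    return {obj.name: {op for op in ops if check(subject, obj, op)} for obj in Level}

if __name__ == "__main__":
    for name, check, ops in (("BLP", blp_allows, ("read", "write")),
                             ("Biba", biba_allows, ("read", "write", "invoke"))):
        print(name, decisions(check, Level.MEDIUM, ops))
```

A subject at `MEDIUM` ends up with exactly opposite grants for `LOW` and `HIGH` objects under the two models, which is why a system that needs both confidentiality and integrity cannot reuse a single label for both.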

Clark-Wilson Model

The Clark-Wilson model was proposed following the development of the Biba model. It uses different methods to protect information integrity.

The Clark-Wilson model makes use of the following elements.

Users – Active agents.

Transformation Procedures – programmed abstract procedures like modify, write and read.

Constrained Data Items (CDIs) – Only transformation procedures can manipulate constrained data items.

Unconstrained Data Items – Users can manipulate UDIs via primitive write and read procedures.

Integrity Verification Procedures – CDI consistency is checked against external reality.

Non-Interference Model

Under the non-interference model, data belonging to various security models may not interfere with one another. Through the implementation of this model, an organization can assure that covert channel communication is not occurring since information is unable to go beyond security boundaries. All data access attempts are independent, and they have no relation to other attempts at accessing data.

Covert channel communication is a policy violation that is hidden from the users and owners of information systems.

Brewer and Nash Model

The Brewer and Nash model is also called the Chinese Wall model. Under this model, the subject is allowed to write to the object if and only if the subject is not able to read an object belonging to another data set.

This model has been developed to provide access controls that may dynamically alter according to the user’s previous actions. The key objective of the Brewer and Nash model is to avoid conflict of interest created through user access attempts.
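The history-dependent behaviour described above can be shown with a small access monitor. This is an added example, not code from the original article; the data set names, the conflict-of-interest classes and the class name `ChineseWall` are constructed, and the write rule is interpreted as "the subject has read no other data set so far".

```python
class ChineseWall:
    def __init__(self, conflict_class):
        self.conflict_class = dict(conflict_class)  # data set -> conflict-of-interest class
        self.history = {}                           # subject -> data sets already read

    def can_read(self, subject, dataset):
        cls = self.conflict_class[dataset]
        # Denied once the subject has read a different data set in the same class.
        return all(seen == dataset or self.conflict_class[seen] != cls
                   for seen in self.history.get(subject, set()))

    def read(self, subject, dataset):
        if not self.can_read(subject, dataset):
            return False
        # A granted read changes what this subject may access from now on.
        self.history.setdefault(subject, set()).add(dataset)
        return True

    def can_write(self, subject, dataset):
        # Write rule: allowed only if the subject has read no other data set,
        # so information cannot be carried from one data set into another.
        others = self.history.get(subject, set()) - {dataset}
        return self.can_read(subject, dataset) and not others

def demo():
    # Constructed data sets: two competing banks and one unrelated oil company.
    wall = ChineseWall({"bank_a": "banking", "bank_b": "banking", "oil_x": "energy"})
    return [
        ("analyst read bank_a", wall.read("analyst", "bank_a")),
        ("analyst write bank_a", wall.can_write("analyst", "bank_a")),
        ("analyst read bank_b", wall.read("analyst", "bank_b")),    # competitor
        ("analyst read oil_x", wall.read("analyst", "oil_x")),      # other class
        ("analyst write bank_a", wall.can_write("analyst", "bank_a")),
        ("auditor read bank_b", wall.read("auditor", "bank_b")),    # fresh history
    ]

if __name__ == "__main__":
    for request, granted in demo():
        print(f"{request}: {'granted' if granted else 'denied'}")
```

The same request (`write bank_a`) is granted early and denied later for the same subject, which is the dynamic behaviour that static level-based models do not provide.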

Graham-Denning Model

Three components comprise the Graham-Denning model – rules, subjects, and objects. It takes a more granular approach to the interaction between objects and subjects.

The Graham-Denning Model makes use of the following eight rules.

  • Transfer Access
  • Grant Access
  • Delete Access
  • Read Object
  • Create Object
  • Destroy Object
  • Create Subject
  • Destroy Subject

Harrison-Ruzzo-Ullman Model

Under the Harrison-Ruzzo-Ullman (HRU) Model, access rights, objects and subjects are matched to the access matrix. From this, it can be seen that it is an adaptation of the Graham–Denning Model.

The HRU model utilizes the following six basic operations.

  • Create object
  • Destroy object
  • Create subject
  • Destroy subject
  • Enter right in the access matrix
  • Delete right from the access matrix

Security Modeling

Security modeling outlines how the security policy will be practically implemented.

A security model will cover several key facets central to information security, like how data may be accessed, the level of security under which access is allowed, and equally importantly, what steps to follow if there’s a change in requirements.

Suppose the security policy states that all users are to be authorized, authenticated, and identified before being granted access to network resources. The security model will then show the access control matrix that will fulfill all security policy requirements.

Likewise, if the security policy dictates that no user coming from a lower level of security may be allowed to read or alter the information contained at a higher security level, then the security model will state the logic and rules that will allow these rules to be followed.

Thus, it can be seen that security modeling is paramount for bolstering the reliability and resilience of information security systems.

Conclusion of Security Modeling for Reliability and Resilience

In the information security space, security modeling entails using techniques and methods for authenticating security policies within the enterprise. Security modeling for reliability and resilience provides tight controls for enforcing basic security concepts and streamlines the whole process.

Taking the security model into consideration, the organization may opt to enforce current security models. It may alternatively decide to create explicit modifications within it to create a new customized model according to given requirements.