From the course: CISSP Cert Prep (2021): 3 Security Architecture and Engineering

Security models

- [Instructor] Security models provide a theoretical way of describing the security controls implemented within a system. Let's take a look at three core topics in this area: the concept of multilevel security, the Bell-LaPadula Security Model, and the Biba Integrity Model.

Both the Bell-LaPadula and Biba models are designed to provide security within the context of multilevel security. Now that simply means that a single computing system might be used to store, process, and transmit information of different classification levels and the users of the system might have different security clearances. For example, a system might handle confidential, secret, and top secret information, even though some users of the system don't have a top secret security clearance.

The Bell-LaPadula model is designed to ensure that users of multilevel systems don't get access to information higher than their security clearance level. It has two rules that it uses to enforce confidentiality. And first, the Simple Security Rule is the basic principle of confidentiality. It says that no subject should be able to read information at a level higher than that subject's security clearance. For example, a user with a secret clearance should not be able to read a top secret file. That's pretty straightforward and this rule can be summarized as no read up.

The second rule, the *-Property, isn't as intuitive at first glance. The *-Property says that a subject at one security level should not be able to write information at a lower security level. As an example, our user with a secret clearance would not be able to write a file at a confidential level. The reason for this is to prevent security leaks, ensuring that the user with access to secret information can't write that information into a file accessible by users who do not have a secret clearance. This rule can be summarized as no write down. Now that probably sounds pretty difficult to implement in the real world and it is. There are very few places outside of the most sensitive military applications where security engineers attempt to fully implement the Bell-LaPadula Model.

The Biba Integrity Model is similar to the Bell-LaPadula Model, but it covers integrity instead of confidentiality. The Biba Model also has two rules. The Simple Integrity Property says that a subject should not be able to read information at a security level lower than their clearance. The purpose here is to prevent corrupting the integrity of information accessed by a subject with a higher clearance level. For example, if a secret product launch is planned for tomorrow afternoon, individuals not cleared for information about that launch might have access to a decoy file that says there is an office picnic planned for tomorrow. The Biba Model would not want the person cleared for the product to accidentally read about the fake picnic and get misinformation. This rule, the Simple Integrity Property, can be summarized as no read down.

The *-Integrity Property says that a subject should not be able to write information to a higher security level than their clearance. For example, a user with a secret clearance should not be able to write information to a top secret file. This is to prevent the same type of information corruption as the Simple Integrity Property. And this rule can be summarized as no write up.

Now, one more quick exam tip for you. The Bell-LaPadula and Biba models are often topics discussed on the exam. Now that said, these models fall into that category of information that you will need to know for the exam, but you'll rarely encounter in the real world of cybersecurity. I've been in this field for 20 years and I've never actually used these models in real life.
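The four rules described in the transcript, written out as an added example that is not part of the course material: a small Python access check for a subject at one of the three levels mentioned. The function names and the choice to reuse one level ordering for both models are assumptions of this example; it also shows that enforcing both models at once leaves only same-level access.

```python
from enum import IntEnum


class Level(IntEnum):
    # The three classification levels named in the transcript, lowest first.
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def blp_allows(subject, obj, op):
    """Bell-LaPadula (confidentiality)."""
    if op == "read":
        return subject >= obj  # Simple Security Rule: no read up
    if op == "write":
        return subject <= obj  # *-Property: no write down
    raise ValueError(f"unknown operation: {op}")


def biba_allows(subject, obj, op):
    """Biba (integrity); levels reuse the same ordering (assumption)."""
    if op == "read":
        return subject <= obj  # Simple Integrity Property: no read down
    if op == "write":
        return subject >= obj  # *-Integrity Property: no write up
    raise ValueError(f"unknown operation: {op}")


def decide(subject, obj, op, models=(blp_allows, biba_allows)):
    """Grant only if every model agrees; also report which models denied."""
    denied_by = [m.__name__ for m in models if not m(subject, obj, op)]
    return (not denied_by, denied_by)


def access_matrix(subject, models):
    """Map (object level, operation) -> granted? for one subject."""
    return {(obj.name, op): decide(subject, obj, op, models)[0]
            for obj in Level for op in ("read", "write")}


if __name__ == "__main__":
    cases = {"BLP only": (blp_allows,), "Biba only": (biba_allows,),
             "both": (blp_allows, biba_allows)}
    for label, models in cases.items():
        granted = [k for k, ok in access_matrix(Level.SECRET, models).items() if ok]
        print(f"SECRET subject, {label}: {granted}")
```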
