They are Classic Security Models that are used for maintaining goals of security, i.e. Confidentiality, Integrity, and Availability.
Examples of Classic Security Models:
- Bell-LaPadula Model (Confidentiality Model)
- Biba Integrity Model (Integrity Model)
- Clark-Wilson Model
- Chinese Wall Model
1.) Bell-LaPadula Model (BLP Model):
The Bell-LaPadula Model is a formal security model focused on maintaining the confidentiality of information by preventing unauthorized disclosure.
- It was originally developed for use in military and government systems where protecting sensitive information is critical.
- Used in scenarios where the primary concern is ensuring that sensitive information does not fall into the wrong hands (e.g., national security systems).
→ Key Principles of the Bell-LaPadula Model
1.) Simple Security Property (No Read-Up)
It states that a subject (user) can only read files at the same or lower level of secrecy but cannot read files at a higher level of secrecy.
- This rule is called “No Read-Up” because it prevents access to information classified at a higher level than the user’s clearance.
- Example: A user with “Confidential” clearance cannot access “Top Secret” documents.
2.) Simple * Property (No Write-Down)
It states that a subject (user) can only write to files at the same or higher level of secrecy but cannot write to files at a lower level of secrecy.
- Example: A user with “Top Secret” clearance cannot write information to a “Confidential” or “Unclassified” file, as this might lead to a data leak.
3.) Strong Star (*) Property:
- It states that a subject (user) can only read and write to files at the same level of secrecy.
4.) Discretionary Security Property
- Access to objects (files, documents) is controlled by access rules specified by the owner of the object.
→ Strengths of the Bell-LaPadula Model
- Ensures data confidentiality by preventing unauthorized access and leaks.
- Widely applicable to environments where information is highly sensitive, such as military or governmental institutions.
→ Limitations of the Bell-LaPadula Model
- Focuses solely on confidentiality and does not address data integrity or availability.
- Not suitable for systems where integrity (accuracy and trustworthiness of data) is a primary concern.
2.) Biba Integrity Model:
The Biba Integrity Model is a formal security model focused on maintaining the integrity of information by preventing unauthorized modification.
- It ensures that information remains accurate, consistent, and trustworthy by preventing unauthorized or improper modifications.
- Applied in environments where maintaining the accuracy and reliability of data is more critical than confidentiality (e.g., accounting systems or legal records).
→ Key Principles of the Biba Model
1.) Simple Integrity Property (No Write-Up)
It states that a subject (user) can only write to files at the same or lower integrity level but cannot write to files at a higher integrity level.
- Example: A junior employee in an organization cannot make changes to high-level financial reports.
2.) *-Integrity Property (No Read-Down)
It states that a subject (user) can only read files at the same or higher integrity level but cannot read files at a lower integrity level.
- Example: A system administrator working with high-integrity data cannot read files from an unverified or low-integrity source.
3.) Invocation Property
It states that a subject (user or process) at a given integrity level cannot invoke (call upon or request services from) a subject or process at a higher integrity level.
- This rule ensures that lower-integrity subjects cannot interfere with or affect the operation of higher-integrity processes, helping maintain the integrity of critical system components.
→ Strengths of the Biba Model
- Ensures the accuracy and trustworthiness of data by preventing unauthorized changes or contamination.
- Suitable for environments where data integrity is critical, such as financial systems, healthcare records, or software development processes.
→ Limitations of the Biba Model
- Focuses solely on integrity and does not address confidentiality or availability.
- Does not prevent unauthorized access to sensitive information (e.g., does not enforce “No Read-Up” like Bell-LaPadula).