What are the 3 Major Types of Classic Security Models?
Security Policies

Security Models

Security Models define the link between operating system performance and information security models. Effective and efficient security models protect enterprises’ sensitive and significant information or data. The information security models are used to validate the security policy. They provide the computer with a precise set of instructions for implementing critical security processes, methods, and ideas specified in a security programmes. They define the security problem in data streams.

Security Models and Security Policy

To map the intellectual property of an information system, security models are used to analyze and validate the security policy. They are used to express the mathematical and analytical ideas that programmers generate. These concepts are linked to the system requirements via computer code.

These concepts uphold the rogue cybersecurity property purpose of confidentiality, integrity, and availability.

There are three main types of classic security models 

  1. Bell-LaPadula model
  2. Biba model
  3. Clarke Wilson Security model

Bell-LaPadula Classic Security Models 

It follows three types of basic rules-

Because this model was created by David Elliot Bell and Leonard.J. LaPadula, it is known as the Bell-LaPadula model. This approach is used to secure information secrecy. It specifies the capabilities of a multilayer security system. It is the first mathematical model that prohibits unwanted access to confidential information.

In this image, the user and data are organised in a non-discretionary manner in terms of several layers of secrecy.

Simple confidentiality rule

Star confidentiality rule

The strong star confidentiality rule

Security Models

A simple rule of secrecy

This rule is known as the NO READ-UP rule since it indicates that only the user can read files on the same layer and lower layer of secrecy but not files on the upper layer.

The rule of star secrecy

The NO WRITE-DOWN rule specifies that a user can write files on the same layer of secrecy and the upper layer of secrecy but cannot read files on the lower layer of secrecy.

Strong secrecy rule for stars

This rule is known as NO READ WRITE UP DOWN because the user can only read and write files on the same layer of secrecy and cannot read or write files on the higher and lower layers of secrecy. This is the most solid and powerful rule in Bell-LaPadula.

Biba Classic Security Models

The model was named for its creator, Kenneth.J. Biba. This model is used to assure the accuracy of data.

It follows 3 rules:

  • Simple integrity rules
  • Star integrity rules
  • Strong star integrity rule

Simple integrity principles

Because the user may only read files on the same layer of secret and upper layer of secrecy, but not on the lower layer of secrecy, this rule is known as the NO READ-DOWN rule.

The star integrity rule

Because users may only read files on the same and lower layers of secrecy but not on the top layer of secrecy, this rule is known as the NO WRITE-UP rule.

Strong star integrity rule

This rule is known as the NO READ-WRITE UP DOWN rule because the user can only read and write files on the same layer of secrecy but not on the higher or lower layers. This rule is extremely secure and is the most powerful rule in Bell-LaPaulda.

Clarke Wilson Security Design

This model offers the maximum level of security to the security model. It consists of the following entities:


The data elements are requested by the user.

Items with limited data

Users cannot directly access limited data objects. The Clarke Wilson Security Model is used to get access to it.

Unrestricted data item

Users can directly access it.

The following processes can be used to access the restricted data:

1. The transformation procedure

The transformation procedure can handle limited data items requested by the user. The procedure changes it to authorization before passing it on to the integration verification step.

2. The verification of the integration process

It is responsible for permission and authentication. If the verification is successful, the user gains access to the restricted data items.

Cyber Security

Common Errors of Security Models

There is a misunderstanding between the concepts of confidentiality and integrity. In layman’s terms, secrecy means that information should not get into the wrong hands. Data integrity demonstrates data veracity. This means that only authorized and lawful individuals have access to the permitted material or information.

Rogue Logics provides in-depth Data, AI/Machine Learning, Cloud and Cyber Security services for your applications, data, and infrastructure. Want a consultation with the professionals at Rogue Logics? Contact us and get a free quote.
Have any questions? Our experts are here to guide you around.