What are the 5 Major Types of Classic Security Models?

  • Home
  • Blog
  • What are the 5 Major Types of Classic Security Models?
What are the 5 Major Types of Classic Security Models?

Security models depict the essential elements of security and their relation to the operating system’s performance. No organization can protect its sensitive data or information without having efficient and effective security models. It is possible to say that the principal goal of security models is to give the necessary degree of understanding required for the effective and successful implementation of essential security needs. 

Security models for information are the methods used to verify security guidelines. They are expected to give specific directions that a computer will follow to implement the essential security procedures, processes, and concepts of the security software. These models may be a bit abstract or intuitive. Security models are the directional signs of security in operating systems.

These models are utilized to achieve security goals, i.e., Confidentiality, Integrity, and Availability. Put it is a model for CIA Triad maintenance. There are five major types of Classic Security Models.

  • Bell-LaPadula
  • Biba
  • Clarke Wilson Security Model
  • Brewer and Nash Model
  • Harrison Ruzzo Ullman Model
  1. Bell-LaPadula

The ModelModel was created in the 1950s by Scientists David Elliot Bell and Leonard .J. LaPadula.Thus the ModelModel is known as Bell-LaPadula Model. Bell-LaPadula Model. This ModelModel is used to protect the security of confidentiality. In this case, the classifications used to classify Subjects(Users) and Objects(Files) are arranged in a non-discretionary manner and about various layers of secret.

It has three primary rules:

  • SIMPLE CONFIDENTIALITY RULE: The Simple Confidentiality Rule says that the Subject can read the files on the same Layer of Secrecy and the Lower Layer of Secrecy but not the Higher Layer of Secrecy because of this, this rule is known as No-Read-UP.
  • Star Confidentiality Rule 2: This rule stated that the Subject is only able to write the document on the same layer of secrecy but not able to write in the lower Layer of Secrecy, and that is why we called this rule a No Write-down
  • The STRONG STAR CONFIDENTIALITY Rule: Strong Star Confidentiality Rule is highly secure and robust that states that the Subject can read and write documents on the same Layer of Secrecy only, and not on the upper Layer of Secrecy or the Lower Layer of Secrecy This is why this rule is referred to as NO READ WRITE and DOWN.
  1. Biba

This ModelModel was developed in the work of Scientist Kenneth .J. Biba. Therefore, this ModelModel is known as Biba Model. This ModelModel is used to safeguard security by ensuring Integrity in Security. The classifications used to classify Subjects(Users) and Objects(Files) are arranged in a non-discretionary way about various secret layers. This is the exact opposite to that of the Bell-LaPadula Model.

It is comprised of 3 Rules:

  • SIMPLE Integrity RULING: According to this rule, the subject can read the file on the same and upper layer of secrecy but cannot read the lower Layer of Secrecy; because of this, it is also known as NO-READ-Down. 
  • Star Integrity Rule: This rule states that the Subject can only write files that are on the same and the Lower Layer of Secrecy but cannot write on the upper Layer of Secrecy because of this, we called this rule a NO WRITE-UP
  • STRONG STAR INTEGRITY RULE
  1. Clarke Wilson Security Model

Model is a highly secure model that is highly secured. It includes the following elements.

  • SUBJECT: It’s any user who requests Data Items.
  • CONSTRAINED DATA ITEMS: They are not accessible directly from the user. These must be accessible through the Clarke Wilson Security Model.
  • Unconstrained DATA ITEMS: They can be directly accessed via the Subject.

The Components of Clarke Wilson Security Model

  • TRANSFORMATION PROCESS This is where the Subject’s request to gain access to the constrained Data Items is processed via the Transform process, which transforms it into permissions and forwards it to the Integration Verification Process
  • Integration VERIFICATION Process: Integration Verification Process will perform authentication and authorization. The Subject will be granted access to the restricted data items if the process succeeds.
  1. Brewer and Nash Model

The ModelModel is also referred to as “the Chinese wall model. It can eliminate conflict of interest by preventing individuals, like consultants, from signing onto more than one COI, i.e., rows of interests categories. The modification of access control policies is based on the behavior of users. This means that if a user who has access to the data is on the other side, they cannot access data from the other side or are unavailable to the same user.

  1. Harrison Ruzzo Ullman Model

Harrison’s Ruzzo Ullman model is also an add-on model to the BLP model. The Bell-LaPadula model lacks a mechanism for changing access privileges or creating or deleting objects or subjects. This Model, the Harrison Ruzzo Ullman Model, fixes the issue by authorizing the structures to be used for access rights distribution and checking compliance with the policy that prohibits access to non-authorized users. This Harrison Ruzzo Ullman Model can be implemented through an Access Control list or Capabilities List.