An important element in the design and analysis of secure systems is the security model, because it integrates the security policy that should be enforced in the system. A security model is a symbolic portrayal of a security policy. It maps the requirements of the policy makers into a set of rules and regulations that are to be followed by a computer system or a network system. A security policy is a set of abstract goals and high-level requirements, and the security model is the do's and don'ts to make this happen.
You should know about several important security models even though describing them in detail is beyond the scope of this book:
The Bell-LaPadula Model (BLM), also called the multilevel model, was introduced mainly to enforce access control in government and military applications. BLM protects the confidentiality of the information within a system.
The Biba model is a modification of the Bell-LaPadula model that mainly emphasizes the integrity of the information within a system.
The Clark-Wilson model prevents authorized users from making unauthorized modification to the data. This model introduces a system of triples: a subject, a program, and an object.
The Access Control Matrix is a general model of access control that is based on the concept of subjects and objects.
The Information Flow model restricts information in its flow so that it moves only to and from approved security levels.
The Chinese Wall model combines commercial discretion with legally enforceable mandatory controls. It is required in the operation of many financial services organizations.
The Lattice model deals with military information. Lattice-based access control models were developed in the early 1970s to deal with the confidentiality of military information. In the late 1970s and early 1980s, researchers applied these models to certain integrity concerns. Later, application of the models to the Chinese Wall policy, a confidentiality policy unique to the commercial sector, was developed. A balanced perspective on lattice-based access control models is provided.