Question

Select at least three security models and define them such that nonsecurity stake holders can comprehend the models.

Answer 1

The security models taken into account are:

• Lattice Models
• Bell-LaPadu Confidentiality Model
• Biba Integrity Model

Definition in aspects of nonsecurity stake holders

Lattice Models:

Lattice models can be defined as the mathematical models, that relies itself on the various entities of a group, i.e.

• set of groups or elements of the group
• relational definition in whole or partial manner within the above defined set
• Defining unique least upper bound and greates lower bound for the properties of the elements of the sets.

For the nonsecurity sstake holders the above can be comprehended by, implementing the mathematics by defining the lttice for the individual employees, that is defining the individual or the group of employees within the stake holdering organization.

and forther more reconfiguring the set of rules as prescribed in the lattice definition for the individual or the group.

Bell-LaPadu Confidentiality Model

• This model is amongst the first ones to implement mulitlevelsecurity policies, for the Architectural paradigm.
• It enables and focuses on the principles of different clearance levels (top secret, secret, confidential)
• Te simple rules for the model:
  • Simple security rule: It ensures that the one at lower security level, does not have the clearance to read the information residing at the higher security level.
  • Star Property Level: This ensures that the one at lower security level, does not have the clearance to write the information residing at the higher security level.

The above model can enable the stake holders to define the rules for accessing the information at the particular level of the hierarichy at the organization.

Biba Integrity Model:

• This model also inherits it's properties from Bell-LaPadu Confidentiality Model
• Along with confidentiality this also addresses integrity of the data
• The rules here implemented are as follows:
  • Simple Integrity Rule: This states the restrictions in reading the data at lower integrity level.
  • Star Integrity Rule: This ensures the restriction in write permission for the data at higher integrity level.
  • Invocation Property: It ensures the communication standards between lower and higher level at the organization.

This implementattion in aspect of stakeholders is required for establishing a chain and line of communication between the different levels of individuals at the hierarchy.