Tuesday, December 16, 2014

Security Models CISSP

Points to review for the CISSP exam. I took these notes from Eleventh Hour CISSP (Eric Conrad); please read that book. These are just points to remember, with no explanation:

Bell-LaPadula Model

Focus: Maintain confidentiality of objects.

Meaning: users at a lower security level are not allowed to access objects at a different (higher) security level.


  • Simple Security Property: no read up
  • * Security Property: no write down
  • Strong Tranquility Property: security levels will not change while the system is operating.
  • Weak Tranquility Property: security labels will not change in a way that conflicts with the defined security properties.

Lattice-based access controls

For every relationship between a subject and an object, the system defines an upper and a lower access limit.

These limits depend on the needs of the subject, the label of the object and the role the subject has been assigned.

Biba Model

The military focuses on confidentiality, so Bell-LaPadula works fine there; for business, integrity is VERY important, and Biba addresses this.


  • Simple Integrity Axiom: no read down. This protects integrity by preventing bad information from moving up from lower integrity levels.
  • * Integrity Axiom: no write up. This protects integrity by preventing bad information from moving up to higher integrity levels.
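Here is an added example, not from the book or the post, that evaluates the Bell-LaPadula and Biba rules listed above over one lattice of labels (a level plus a set of categories, so the lattice dominance from the previous section decides each check). The Label class, the level numbers and the function names are my own assumptions.

```python
"""Bell-LaPadula (confidentiality) and Biba (integrity) checks over a lattice."""
from dataclasses import dataclass

# Constructed ordering of levels: higher number = more sensitive / more trusted
LEVEL_NAMES = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]


@dataclass(frozen=True)
class Label:
    level: int                         # index into LEVEL_NAMES
    categories: frozenset = frozenset()  # compartments, e.g. {"nuclear"}

    def dominates(self, other: "Label") -> bool:
        # Lattice ordering: level at least as high AND a superset of categories.
        # Two labels may be incomparable (neither dominates the other).
        return self.level >= other.level and self.categories >= other.categories


def blp_allows(subject: Label, obj: Label, access: str) -> bool:
    """Bell-LaPadula: simple security = no read up, * property = no write down."""
    if access == "read":
        return subject.dominates(obj)   # reading requires subject >= object
    if access == "write":
        return obj.dominates(subject)   # writing requires object >= subject
    raise ValueError(f"unknown access: {access}")


def biba_allows(subject: Label, obj: Label, access: str) -> bool:
    """Biba: simple integrity = no read down, * integrity = no write up.
    Same lattice shape, but the labels now mean integrity, so the arrows flip."""
    if access == "read":
        return obj.dominates(subject)   # reading requires object >= subject
    if access == "write":
        return subject.dominates(obj)   # writing requires subject >= object
    raise ValueError(f"unknown access: {access}")


if __name__ == "__main__":
    # Constructed sample: a SECRET/{nuclear} subject and a CONFIDENTIAL/{} object
    subject = Label(2, frozenset({"nuclear"}))
    obj = Label(1)
    for model, check in (("Bell-LaPadula", blp_allows), ("Biba", biba_allows)):
        for access in ("read", "write"):
            verdict = "allow" if check(subject, obj, access) else "deny"
            print(f"{model:14s} {access:5s} -> {verdict}")
```

The same pair of labels gives opposite answers under the two models, which is the point the notes make: Bell-LaPadula stops information flowing down, Biba stops it flowing up.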

Clark-Wilson Model

This is a real-world integrity model that protects integrity by requiring subjects to access objects via programs.

Clark-Wilson uses two primary concepts:

  1. Well-formed transactions
  2. Separation of duties

This model implements integrity-monitoring rules and integrity-preserving rules.

It also uses the Access Triple rule.

Chinese Wall Model (Brewer-Nash)

This model is designed to avoid conflicts of interest.

Source: http://www.amazon.com/Eleventh-Hour-CISSP-Study-Guide/dp/1597495662

If you want to learn more about security and how to test your network security, please go to: http://www.learn-security.net
