The best way to understand the security models is to simply memorize them, since most of us have never seen some of them, and will never use them again. They are also not intuitive, so let’s get right to it!
Bell-Lapadula (BLP) – for this model, you simply need to memorize the phrase “no read up, no write down”. Using labels, it does not allow the viewing of objects that are considered of higher security, and also it does not allow modification of objects that are of lower security. The focus of this model is on confidentiality. Data hiding might be an example of this, where processes operating at one level are prevented from seeing data at another level.
There are two properties in this model:
- Simple security property (no read up)
- Star security property (no write down)
- Strong star property only write to objects at the same security classification level as the subject, or, a lateral write, so there is no write down or write up, only a “write sideways”
Biba is a model that focuses on integrity, and is the exact opposite of BLP, thus “No write up, no read down.” This also has two properties:
- Simple integrity property (no read down)
- Star integrity property (no write up)
Notice the commonality between the models and terms. The key to memorizing the properties is this:
- Simple = Read
- *Star = Write
You can also remember that the “star” indicates “write” because in computing when you change/write something, a star typically appears on the file to indicate that you have unsaved changes.
Be aware of the invocation property as well, which is the third property of Biba that states that subjects cannot send logical service requests to an object of higher integrity.
So if we were to say “simple security” this would mean no read up, because simple = read. The “star security” property would mean no write down, because star = write, and you would know this refers to the BLP model.
If we are to say “Simple integrity property” which model would this refer to?
That’s right, Biba.
Simple means “read”, and integrity refers to the Biba model, thus a “simple integrity” property means no read down, indicating the Biba model. Consequently a Star integrity property would mean no write up
BreWer Nash has a “W” in it, and is sometimes referred to as the Chinese Wall model, because it prevents users from accessing one another’s files, in other words it prevents conflict of interest.
Clark-Wilson has an “eye” (i) in it, and conveniently this model also is concerned with integrity.
Notice the letters matching, so repeat the following:
- Brewer – the W is for wall
- Wilson – the i is for integrity
You can learn about the other models (Graham Denning, Harrison, Ruzzo, Ullman) in the thicker books, which also delve deeper into the functioning of these models.