Week 3 project

Running Head: SECURITY MODELS 1

SECURITY MODELS 7

Security Models

Institution Affiliation

Date

Introduction

A security model is used to particularly define vital components of security and how they are related to the performance and the working of the operating system. No organization can keep its data and crucial information that is delicate without an efficient and effective security model in place. The major purpose of having a security model is to ensure that the needed capacity of understanding is present. This ensures the successful and effective implementation of significant protection requirements. Through security models, it is easier to validate security policies and procedures to ensure the delivery of specific instructions that a computer can obey. Security models are used for control purposes to determine how the model will be implemented, who is allowed access to the system, and what objects can access the security models and policies development. These security models can either be abstractive or intuitive. There are five popular models but we are going to discuss three major ones which include; Bell-LaPadula, Biba, and Clark Wilson models. The discussion will focus on why the three models were chosen, how similar and different they are, and a recommendation on which one should be used and the reason as to why.

Three Security Models

Bell-LaPadula Model

The United States Department of defense was the first one to develop the Bell-LaPadula model. The model was the first mathematical model of a security policy that gives an explanation of the aspects of a protected state and the means of accessing the state. When using this model, it is easier to ensure that the data is flowing smoothly in that it does not interfere with the system policy and that it is focused on confidentiality. The definition of this model is best given by the following properties. Security property, strong tranquility property, and weak tranquility property (Tsaregorodtsev et al.., 2019).

Biba Model

The model has some similarities with the Bella-LaPadula model although it does not focus much on confidentiality. Biba's model mainly focuses on integrity and is manipulated in situations where confidentiality is essential. Many governmental departments are focused on confidentiality while on the other hand, most commercial enterprises are focused on ensuring that integrity is at the highest level when it comes to the security of delicate data and other relevant information. When integrity security is essential, then the Biba model is the best choice to make. Two simple rules governing this model are simple integrity axiom and integrity axiom (Balon & Thabet, 2015).

Clark Wilson Model

It is also known as the integrity model since it provides a basis for specifying and evaluating a computing policy through an integrity policy and procedure. The model mainly deals with two kinds of items. They include constrained data items and unconstrained data items. There are two relations in this model namely integrity verification procedure and transactions procedure. Integrity verification procedure has its focus on ensuring that the transaction procedure leading to constrained data items are in the correct state and valid transformation fulfills all transaction procedures (Blake, 2020). Although the transaction procedures that are in charge of controlling the constrained data items must be authorized through proper implementation.

Explain why the three models were chosen

The Biba model was chosen since it is simple and easy to implement in organizations both government departments and businesses. Unlike the Bell-LaPadula model, the Biba model can deal with data integrity. It also provides several distinct policies and procedures that can be selected depending on the current situation and need (Balon & Thabet, 2015).

The Bell-LaPadula model was selected since it can emphasize confidentiality and access to information which is the main focal point of businesses and other organizations. Companies or government departments that use this model have an assurance that no intruder can interfere or hack their data due to protected and restricted access. There is also a smooth flow of information which is authorized depending on the property related to certain subjects and data items (Tsaregorodtsev et al.., 2019).

Clark Wilson model was chosen since it is capable of protecting the integrity of data by ensuring that access to objects is through installed programs. It is possible to limit the capabilities of subjects when using this model. The model also manipulates well-formed transactions and segregation of responsibilities to ensure enforcement of security policy.it was also selected since it focuses on integrity and how it is crucial to the business environment. it is also easier to develop the best security systems for commercial environments among others (Blake, 2020).

Explain how the models are similar

Both Biba and Bell-LaPadula model uses formal languages. Although the Clark Wilson model was developed after the development of Biba model, both of these two models focus on data integrity. All three models have either rules or properties governing them. Biba, Bell-LaPadua, and Clark Wilson models must have their focus on the three-pillar approach. This is to say that models must be focused on either one or two of the components of the security model. These components include confidentiality, integrity, and availability. Biba and Bell-LaPadula security models are designed to protect and ensure the confidentiality of data (Mosca, Stebila & Ustaoğlu, 2017).

Explain how the models are different

Bell-LaPadula model has its emphasis on data confidentiality as well as limited access to information that is classified. On the other hand, the Biba model has its main focus on describing the rules that are responsible for the protection of data integrity. The design of the Biba model is focused to prevent data or information from flowing to a high-security level from a low-security level while Bell-LaPadula prevents data from flowing to a low-security level from a high-security level. Biba model was developed to have its focus on three main issues related to integrity. These issues include the protection of data modification through unauthorized subjects, the prevention of authorized subjects from modifying unauthorized objects. On the other hand, the Clark Wilson model provides computing systems through specifying and analyzing integrity policies and procedures (Shabir et al.., 2016).

Clark Wilson model also differs from the Biba model in that subjects in the Biba model are restricted while those in the Clark Wilson model are unrestricted. It then implies that in the Biba model, subjects at one level of access are allowed to only read one set of data. While on the other hand in the Clark Wilson model all subjects in other levels of access have the authority and the capability of accessing a diverse set of data. Bell-LaPadula model is different from the Clark Wilson model in that its development was only focused on addressing the issues of confidentiality related to access of data and not its integrity (Shabir et al.., 2016). Whereas the Clark Wilson model focuses on data integrity and displays compulsory methodologies that are needed to specify and analyze integrity policies and procedures for data computing systems.

Recommendation as to which one should be used and why

Although Bell-LaPadula is the most common security model which has been used over the years, I would recommend the use of the Clark Wilson security model. The fact that this model focuses on integrity gives it an advantage over other models. The integrity ensures specification and analysis of a computing system through an integrity policy. Unlike the Bell-LaPadula model which has its focus on confidentiality, without integrity, there is no complete assurance that the data is completely secured and protected. With integrity involved in the security model, confidentiality also becomes a sure bet with no doubt. The recommendation of this model is based on the fact that it prevents corruption of data objects in a system which could be as a result of errors or malicious intentions (Schotts et al.., 2019).

The model has an integrity policy to ensure data items are kept valid in a system from one state to the other. When using this model it is easier to specify the capabilities of several principals available in a computing system. The security labels available in this model ensure access to objects through transformation policies and procedures and an interface model that is restricted. This model can be used in both government and industry organizations where the integrity of information is paramount. With this model in place, it is easier to preserve information integrity against any malicious attempts of tampering with the data. The model provides a security system whose transactions are well-informed to allow the execution of only legitimate actions (Schott et al.., 2019).

Conclusion

In conclusion, security models are not only essential in government departments buts also in all aspects of life. Without security models in place, it is not easy to offer the necessary levels of understanding for a successful implementation of main security requirements. It is vital for any organization to first analyze and evaluate their need before they adopt any security model. Individuals should always consult experts in information technology before they can have any model installed for them to ensure it fits their needs and operation to ensure they can achieve their set goals and objectives through the application of one of these security models. There are five security models although the three mentioned above are the most commonly applied in business and other organizations. No security model is superior to the other it all depends on the need and the type of organization wanting to acquire the model. No entity can operate without a system. Even human beings employ the use of security models unknowingly in their day-to-day operations. The best security model is that which is easy and simple to understand as well as easy to implement to avoid resistance from other stakeholders who are unaware of security models and the role they play in an organization. A firm security model is made up of integrity, confidentiality, and protection of the data being analyzed. The main purpose of having security models in place is to ensure the confidentiality of information.

References

Balon, N., & Thabet, I. (2015). The Biba security model.

Blake, S. Q. (2020). The Clark-Wilson Security Model. Indiana University of Pennsylvania, Library Resources. Retrieved from the World Wide Web at http://www. lib. iup. edu/comscisec/SANSpapers/blake. htm, on January, 10, 2009.

Mosca, M., Stebila, D., & Ustaoğlu, B. (2017, June). Quantum key distribution in the classical authenticated key exchange framework. In International Workshop on Post-Quantum Cryptography (pp. 136-154). Springer, Berlin, Heidelberg.

Schott, M., Krätzer, C., Dittmann, J., & Vielhauer, C. (2019, January). Extending the Clark- Wilson security model for digital long-term preservation use-cases. In Multimedia on Mobile Devices 2010 (Vol. 7542, p. 75420M). International Society for Optics and Photonics.

Shabir, M. Y., Iqbal, A., Mahmood, Z., & Ghafoor, A. (2016). Analysis of classical encryption techniques in cloud computing. Tsinghua Science and Technology, 21(1), 102-113.

Tsaregorodtsev, A. V., Lvovich, I. Y., Shikhaliev, M. S., Zelenina, A. N., & Choporov, O. N. (2019). Information Security Management for Cloud Infrastructure. International Journal on Information Technologies and Security, 1313-825.