The Triad of Security

People have used models to create works and demonstrate consistency of creations for a very long time.  The use of model’s within security helps to characterize standards and promote efficiency when dealing with complex technologies such as integrated ownership and classification of data.  As with many tools, finding the model that is suitable for the purpose being applied will help to achieve desirable results.

            The Bell-Lapdula Model is derived from four technical reports issued between 1972 and 1974.  These reports cover three aspects with the fourth resulting in a summarization including an interpretation of the model itself.  This model is considered by many as a state-machine model and it can be classified further as and information-flow model.  Bell-Lapdula uses three properties to provide a security model that can be applied to complex systems.

            The first property is the Simple Security Property.  The intention of this property is such that there are categories of secrecy that ascend in confidentiality with the highest levels being the most protected.  For this property the subject at one level cannot read information at a higher level, but they can read information at a lower level. 

            The second property is referred to as the Star (*) Property.  The main idea behind this property is that a subject cannot write down to a lower classification level of confidentiality.  The subject can write at or above the level they are currently at.

            The third property is known as the Strong Star (*) Property.  This property dictates that a subject cannot write higher or lower.  This third property can be seen as an integration of principles used for the integrity of data.  The Biba Model (a.k.a. Biba Integrity Model), developed in 1975, is the purveyor of properties in concern with integrity.

            With the Biba model we see that there are again three governing principles that are used in an integrity-centric format for hierarchal classification of systems within a state-machine model.  Accordingly, we see that this flow of information follows a succinct order reflective of a chain of command with information being read from above, and being written at or below the subjects level.

            The first property of Biba is the Simple Integrity Property.  Integrity is preserved here by not allowing the reading of data at a lower integrity level.  This helps prevent lower levels from writing to a higher integrity level, providing the primary control for data integrity within a system.

            The second property of Biba is the Star (*) Integrity Property.  This is the property that dictates that a subject with a given authority cannot write to the level above.  This results in aiding with preventing the higher level from reading below, providing a second control for the process of this integrity preservation.

            The Invocation Property asserts that lower processes cannot request an elevated level of access.  This helps to ensure that access is only granted at or below the integrity level in relation to other subjects in the system.  The Biba Model helps to demonstrate integrity of data, while the the Bell-Lapdula model preserves confidentiality.

            These two models are an integral part of cybersecurity.  There use helps to translate security policies from organizations such as NIST, ISO, and FIPS.  The implementation of the policies through models such as Bell-Lapdula and Biba still require interpretation and implementation.  This is where experience and training help cybersecurity professionals to implement controls that are the foundation for this industry.

            Writing about Confidentiality and Integrity without mentioning Availability would be irresponsible.  When attackers cannot disrupt the confidentiality and integrity of systems and data, they turn to disturb the availability.  Availability is also compromised as these first two legs of the CIA triad are conceded.  A model for availability should revolve around the relation between the subject and the object as opposed to the relation between the subject and the level of confidentiality or integrity. 

Leave a Reply

%d bloggers like this: