Introduction
The Bell-LaPadula is a machine-based security model that was originally used in military and political settings. It was developed by D. E. Bell and L. J. LaPadula in the 1970s and is based on the General Systems Theory language. The purpose of the model is to enforce uninterrupted access control through a non-linear method of data flow handling (Cristia & Rossi, 2021). It relies on a layered categorization, determining the rights of a subject to access an object, and remains relevant in the current environment.
Biba’s Strict Integrity Policy
Biba’s model of strict integrity originates from 1977 when it served to complement Bell-LaPadula. Integrity is the key concept of the policy by Kenneth Biba, becoming the first to reflect on whether data can become corrupted (Softpanorama, 2019). Biba’s model introduces a strong hierarchy of data subjects and objects, limiting the possibility of an interaction between different levels of integrity. This way, it aims to protect corrupted files from affecting another array of information.
Clark-Wilson
Similar to Biba’s policy, the Clark-Wilson model relies on the central concept of integrity. Developed in 1987 by David Clark and David Wilson for commercial settings, this framework aims to prevent unauthorized changes by unauthorized users, both intentional and accidental. In the Clark-Wilson model, users do not access the object directly, as an intermediary serves to ensure the integrity of the data (Jeannot, 2019). This way, the model follows similar principles as Biba’s policy, but the execution is different.
Chinese Wall
The Chinese Wall policy addresses the issues related to cloud computing in a competitive environment. It is based on the theory introduced by Brewer and Nash in 1989 and addresses the idea of conflict of interest in commerce (Fehis et al., 2016). The policy builds a virtual border between datasets belonging to competing entities and prevents one user from accessing objects from different sides of it. This way, business ethics are respected in the cloud computing environment.
Clinical Information Systems Security
The Clinical Information Systems Security model (CISS) aims to bridge the gap in data security policies. Anderson (1996) introduces this framework and states that, unlike military and commercial entities, healthcare organizations lack a security system similar to Bell-LaPadula or Clark-Wilson. CISS limits the number of users that can access a single medical record, as well as the number of records accessed by one subject. Thus, it preserves patient confidentiality within a unified data network.
Noninterference Security
The principles of the noninterference approach to data security were formulated in 1982 by Goguen and Meseguer. This approach divides data into low and high categories of inputs and outputs (Lu et al., 2019). The same division is applied to users preventing unauthorized (low) subjects from accessing high datasets. The effectiveness of this system is conditioned by the strictness of its functioning, placing additional requirements on the computer system.
Nondeductibility Security
Sutherland’s non-deductibility approach to security is based on the information theory. The functioning of this model relies on the information flow between high- and low-level objects. More specifically, such an exchange is only allowed when particular compatible variables are present (McLean, 1990). The assignment of such variables serves to limit the number of users who can access specific high-level data and can be applied in different environments.
Graham-Denning
This model was developed by G. Graham and P. Denning in 1972. It describes the optimal ways of manipulating data objects in terms of all key actions based on the Access Control Matrix. The range of manipulations, to which specific rights can be assigned, includes creating and deleting subjects and objects within the system (De Paoli, 2018). Combining these elements, the Graham-Denning model encompasses most situations, although its commands may appear primitive.
References
Anderson, R. J. (1996). A security policy model for clinical information systems. Web.
Cristia, M., & Rossi, G. (2021). Automated proof of Bell–LaPadula security properties.Journal of Automated Reasoning, 65, 463–478. Web.
De Paoli, S. (2018). The engineer–criminologist and “the novelty of cybercrime”: A situated genealogical study of timesharing systems.Internet Histories, 2(1-2), 20–37. Web.
Fehis, S., Nouali, O., & Kechadi, T. (2016). A new distributed Chinese Wall security policy model. The Journal of Digital Forensics, Security and Law, 11(4), 149–168. Web.
Jeannot, F. (2019). Clark-Wilson Security Integrity model. Web.
Lu, C., Qian, G., & Chen, T. (2019). A cloud computing security model based on noninterference.Wuhan University Journal of Natural Sciences, 24, 194–200. Web.
McLean, J. (1990). Security models and information flow. Web.
Softpanorama. (2019). The Biba Integrity Model. Web.