The ‘Clark Wilson Model’ and the ‘Bell-LaPadula’ models are two examples of security models. Security models were created to implement the ‘Security policies‘.
Recall, from a post long ago that ‘security policies’ is a document that lays out the rules about how an organization is planning to protect its technological and business assets.
Most models enforce the C-I-A triad of computer security. The ‘C-I-A’ triad stands for confidentiality, integrity and availability. ‘Confidentiality’ is making sure that unauthorized people do not see the data that is transmitted. Integrity means that the data must not be tampered in transit. Availability is making sure that the data is always available. Let us discuss the Bell-LaPadula model with the Clark Wilson model in this post.
- The Bell-LaPadula model
This model makes sure that the “confidentiality” aspect of the CIA triad is enforced. It was initially created for the Department of Defense(DoD)It is a subject-to-object model. It follows simple rules: “subject at certain level cannot read data at a higher security level. Similarly subject at a certain level cannot write data to a lower security level”. (Harris)
What this means, is that professionals who are at a lower seniority level cannot read the information of their seniors. Similarly, senior professionals in an organization cannot send emails to the junior level professionals.
This ensures that ‘confidentiality’ is guarded at all times.
2. The Clark Wilson model
The Clark Wilson model is an “integrity” model that was developed after the ‘Biba Model’. “Integrity” ensures that the data is not modified by anybody in an unauthorized way. It ensures the integrity of data in a commercial environment. In the Clark Wilson model, the subject accesses the object via a program. Accessing the object via a program ensures that “integrity” of the information is upheld.
This model depends on two important concepts – “separation of duties”and “well formed transactions”.
‘Separation of duties’ means any transaction has to be verified by another person before it is committed. This ensures that the transaction is not modified or tampered with.
If the transactions are well formed – for example in a banking application, then they can easily be moved from one system to another.
This was such an interesting read for a novice like me.
This is a novel and rather unknown topic for me. Thanks for the information.
Best wishes for the rest of the A2Z.
Nice post 😀