ITEC 106:

Systems Security

Eden May T. Terte

BSIT 4-4
201213058

August 20, 2015

Contents
Security Models ....................................................................................................... 3-4

Assignment No. 6

Brewer and Nash model

David Brewer and Michael Nash first published the Chinese Wall Security Policy in 1989, citing as their influence the Clark-Wilson model of computer security. The
Clark-Wilson model drew attention to the computer security requirements of business
applications, departing from existing security models that emphasized the demands of
military and intelligence agencies yet offered little guidance for commercial applications.
Brewer and Nash devised their Chinese Wall model to demonstrate its sound reasoning
as a commercially-oriented model and to invite comparison with alternatives. The authors
focused their comparison on the Bell-LaPadulamodel, adopting Bell-LaPadulas concepts
of subjects, objects, and security labels to facilitate the direct comparison.

Capability-based security
Capability-based security is a concept in the design of secure computing systems, one of the existing security models. A capability (known in some systems as a
key) is a communicable, unforgeable token of authority. It refers to a value that references an object along with an associated set of access rights. A user program on a
capability-basedoperating system must use a capability to access an object. Capabilitybased security refers to the principle of designing user programs such that they directly
share capabilities with each other according to the principle of least privilege, and to the
operating system infrastructure necessary to make such transactions efficient and secure.
Capability-based security is to be contrasted with an approach that uses hierarchical protection domains.

Clark-Wilson modell
The Clark-Wilson security model is based on preserving information integrity
against the malicious attempt of tampering data. The security model maintains that only
authorized users should make and be allowed to change the data, unauthorized users
should not be able to make any changes, and the system should maintain internal and
external data consistency.

Context-based access control (CBAC)

Context-Based Access Control (CBAC) is a per-application control mechanism
that adds advanced traffic filtering functionality to firewalls that isnt limited, as are access lists, to examining packets at the network or transport layer. While CBAC examines
both of these layers, it also examines the application-layer protocol data to monitor the
3

state of a given TCP or UDP session. This means, as multiple channels are created or
used by applications such as SQL*Net, FTP, and RPC, CBAC can respond by creating
temporary openings in the firewall access lists to allow return traffic and additional data
connections for specified sessions that originated from within the protected network. This
application-layer awareness and capability to evolve with the traffic is beyond the capabilities of access list technologies.

Graham-Denning model
The Graham-Denning Model is a computer security model that shows how subjects and objects should be securely created and deleted. It also addresseshow to assign
specific access rights. It is mainly used in access controlmechanisms for distributed systems.

Lattice-based access control (LBAC)

Lattice-based Access Control (LBAC) is a security access methodology that assigns access permissions to both users and objects, creating a grid or lattice layout. A
user cannot access an object with a security level greater that his/her own on the lattice.
LBAC is a form ofMandatory Access Control.

Multi-level security (MLS)

Multilevel security (MLS) is a technology to protect secrets from leaking between
computer users, when some are allowed to see those secrets and others are not. This is
generally used in defense applications (the military and intelligence communities) since
nobody else is nearly as paranoid about data leaking. A modern wrinkle on this is called
cross domain systems (CDS) in which we speak of domains instead of levels, and are
usually sharing data on computer networks instead of individual computers.

Non-interference (security)
Non-interference is a strict multilevel security policy model, first described by
Goguen and Meseguer in 1982, and amplified further in 1984. The noninterference model
ensures that actions that take place at a higher security level do not affect actions that take
place at a lower level. The goal of a noninterference model is to strictly separate differing
security levels to assure that higher-level actions do not determine what lower-level users
can see. This is in contrast to other security models that control information flows between
differing levels of users, By maintaining strict separation of security levels, a noninterference model minimizes leakages that might happen through a covert channel.
4

Object-capability model
The object-capability model is a computer security model based on the Actor
model of computation. The name object-capability model is due to the idea that the
capability to perform an operation can be obtained by the following combination: The security model relies on not being able to forge references; see Synthesizing addresses of
actors.

Role-based access control (RBAC)

Role-based access control (RBAC) is a security feature for controlling user access to tasks that would normally be restricted to the root role. By applying security
attributes to processes and to users, RBAC can divide up superuser capabilities among
several administrators. Process rights management is implemented through privileges.
User rights management is implemented through RBAC.

Take-grant protection model

The take-grant protection model is a formal model used in the field of computer
security to establish or disprove the safety of a given computer system that follows specific rules. It shows that for specific systems the question of safety is decidable in linear
time, which is in general undecidable. The model represents a system as directed graph.