Bell-LaPadula Security Models
This security model was developed by Bell and LaPadula at the Mitre Corporation in 1973. It was developed because the Air Force needed to achieve security in time-sharing systems, to mitigate operating system bugs and prevent accidental misuse. The model was aimed at helping demonstrate that a computer can securely process information that is considered classified. It contains a schematic account of a set of entities and relationships, including a specified set of security services provided by or within a scheme.
This multi-level model was established within the military industry to help the government control its military applications. In this model, objects and subjects are segregated into different security levels; for example, classified personnel have no authority to read data within the “confidential” segment. Likewise, data classified as “Top-Secret” cannot be written into files that exist at unclassified levels. Two types of access control exist in this model: mandatory access control, which restricts access to objects based on the sensitivity of the information contained at a particular level, and discretionary access control, which restricts access to objects based on the identity of the subject or the group to which it belongs. The latter controls are discretionary in that a subject with authority can grant permission to another subject. The model supports discretionary access control by providing access rights from a given access matrix. In essence, this multi-level model has the capacity to protect model groups according to prescribed security labels and to decide user privileges using their authorized security clearance levels (UNC Computer Science, n.d.).
Application to Citi Bank’s Security System
The Bell-LaPadula model can be used to enhance data confidentiality and to control access to classified information. For instance, within the bank system, the model can be used to ensure that a manager does not tamper with data accessible on a lower security level. It also means that subjects at lower security levels, such as bank clerks, cannot view higher security level data.
Biba’s Strict Integrity Policy
The model was created in 1977 by Mitre Corporation to address the integrity gap in the Bell-LaPadula security model, and it was created for the commercial industry. Biba’s strict model was aimed at addressing the need to enforce integrity in a computer system. This was achieved through the use of grouped integrity policies (discretionary and nondiscretionary), where each policy uses different conditions to guarantee information security. Biba’s Strict Integrity policy uses labels to define security but adopts an altered approach, whereby labels give integrity levels to both subjects and objects. Data marked with a high integrity level is therefore treated as more accurate and reliable than data labeled with a lower integrity level, and the different integrity levels are used to prohibit alteration of data. The benefits of the Biba Strict Integrity Model are that it is easy to implement and that it provides a variety of policies that can be selected based on need (Balon & Thabet, 2004).
Application of Biba Strict Integrity Model to Citi Bank Security System
The Biba Strict Integrity Model is a direct inverse of the Bell-LaPadula model and can be used in the bank to prevent data modification by unauthorized parties or unauthorized data modification by authorized parties. In particular, considering that banks nowadays use complex networked systems, the Biba Strict Integrity model can be used to uphold the integrity of data.
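The Bell-LaPadula rules and their Biba inverse can be compared side by side as label checks. The following is an added example, not part of the original essay; the CLERK and MANAGER labels, the sample requests, and the use of one label for both confidentiality and integrity are assumptions made for illustration.

```python
from enum import IntEnum

class Level(IntEnum):
    """Constructed labels for the bank scenario; a higher value is a higher level."""
    CLERK = 1
    MANAGER = 2

def blp_allows(subject: Level, obj: Level, op: str) -> bool:
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    if op == "read":
        return subject >= obj
    if op == "write":
        return subject <= obj
    raise ValueError(f"unknown operation: {op}")

def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Biba strict integrity: the inverse rules, no read down, no write up."""
    if op == "read":
        return subject <= obj
    if op == "write":
        return subject >= obj
    raise ValueError(f"unknown operation: {op}")

def both_allow(subject: Level, obj: Level, op: str) -> bool:
    """Enforce both models with one label: only same-level access survives."""
    return blp_allows(subject, obj, op) and biba_allows(subject, obj, op)

# Constructed requests: (subject label, operation, object label, description)
REQUESTS = [
    (Level.CLERK, "read", Level.MANAGER, "clerk reads manager-level report"),
    (Level.MANAGER, "write", Level.CLERK, "manager edits clerk-level record"),
    (Level.MANAGER, "read", Level.CLERK, "manager reads clerk-level record"),
    (Level.CLERK, "write", Level.MANAGER, "clerk appends to manager-level file"),
    (Level.CLERK, "write", Level.CLERK, "clerk edits clerk-level record"),
]

def decision_table(requests=REQUESTS):
    """Return (description, BLP decision, Biba decision, combined) per request."""
    return [(d, blp_allows(s, o, op), biba_allows(s, o, op), both_allow(s, o, op))
            for s, op, o, d in requests]

if __name__ == "__main__":
    for row in decision_table():
        print("%-38s BLP=%-5s Biba=%-5s both=%s" % row)
```

Every cross-level request is allowed by exactly one of the two models, which is why systems that need both properties usually keep separate confidentiality and integrity labels.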
Clark-Wilson Security Model
The Clark-Wilson model was established by Clark and Wilson in 1987 and updated in 1989. It is an integrity model that was designed for the commercial industry, providing a framework that helps in the evaluation of security in commercial application systems. The model takes two kinds of data items, constrained and unconstrained, and subjects them to an integrity test to check for protection. Through the integrity verification procedure, the data items are checked for validity; they are then subjected to the transformation procedure, which changes the data items from one valid state to another. Integrity enforcement is thus achieved while all transformation procedures are logged, which provides an audit trail of the changes to the data items. In this model, integrity can be achieved and preserved when the certification and enforcement rules are followed, guaranteed by the administrator and the system respectively. One of the key features of the Clark-Wilson security model is that it only allows subjects to gain access through programs, which prevents unauthorized users from modifying data or programs (Blake, 2000).
Application of the Clark-Wilson Security Model to Citi Bank Security System
Compared to the Bell-LaPadula model and the Biba Strict Security model, the Clark-Wilson model deals with systems that perform transactions. To get a better understanding of the application of this model to the bank system, consider the following example. To initiate a check deposit into his account, a bank client presents the check to the teller; the teller verifies the check, stamps it, and gives the client a signed check deposit slip. The bank check clearing officer then initiates a check clearance in the system, where the check is scanned and the payee account is checked to ascertain that there is sufficient cash in the account; after verification, the check is either paid into the client’s account or rejected if there is not sufficient balance in the payee’s account.
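The check-clearing flow above can be sketched as a Clark-Wilson transformation procedure guarded by access triples, an integrity verification procedure, and an audit log. This is an added example, not part of the original essay; the account names, the user names, the `clear_check` procedure name and the balance-conservation invariant are assumptions, and `acct_payer` stands for the account the check is drawn on.

```python
class Ledger:
    """Account balances are the constrained data items (CDIs)."""

    def __init__(self, balances, triples):
        self.balances = dict(balances)
        self.triples = set(triples)      # allowed (user, TP, CDI) access triples
        self.total = sum(self.balances.values())
        self.audit = []                  # append-only record of every TP attempt

    def ivp(self) -> bool:
        """Integrity verification procedure: no overdraft, no money created or lost."""
        values = self.balances.values()
        return all(v >= 0 for v in values) and sum(values) == self.total

    def _log(self, user, payer, payee, amount, outcome):
        self.audit.append((user, "clear_check", payer, payee, amount, outcome))
        return outcome

    def clear_check(self, user, payer, payee, amount):
        """Transformation procedure: the only code path that changes balances."""
        args = (user, payer, payee, amount)
        # Enforcement: the user must hold a triple for this TP on both CDIs.
        if any((user, "clear_check", a) not in self.triples for a in (payer, payee)):
            return self._log(*args, "denied")
        # The check amount is unconstrained input and is validated before use.
        if not isinstance(amount, int) or amount <= 0:
            return self._log(*args, "rejected: bad amount")
        if self.balances[payer] < amount:
            return self._log(*args, "rejected: insufficient funds")
        self.balances[payer] -= amount
        self.balances[payee] += amount
        if not self.ivp():               # a TP must leave the CDIs in a valid state
            raise RuntimeError("integrity violated by transformation procedure")
        return self._log(*args, "paid")

def demo():
    # Constructed accounts and users; only the clearing officer holds the triples.
    triples = {("officer", "clear_check", "acct_payer"),
               ("officer", "clear_check", "acct_client")}
    ledger = Ledger({"acct_payer": 500, "acct_client": 100}, triples)
    outcomes = [ledger.clear_check("teller", "acct_payer", "acct_client", 200),
                ledger.clear_check("officer", "acct_payer", "acct_client", 200),
                ledger.clear_check("officer", "acct_payer", "acct_client", 400)]
    return ledger, outcomes
```

Denied and rejected attempts are logged as well as successful ones, so the audit trail records who tried to run the procedure, not only what changed.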
Chinese Wall Security Model
Brewer and Nash (1989) proposed a policy called the Chinese Wall Policy that addresses conflicts of interest. It is therefore not an integrity policy, but an access control confidentiality policy. The Chinese Wall Model was created for the consultancy industry with the aim of avoiding conflicts of interest. Key to the motivation is that a consultant should not give advice to one competitor organization if he/she has knowledge of the other organization. Data viewed through the Chinese Wall Model consists of objects belonging to a specific company. As a result, access to certain parts of the data is not controlled by their specific attributes, but by what kind of data the subject already holds access rights to. Access is expressed in terms of read, write, or read-and-write operations.
Application of the Chinese Wall Security Model to Citi Bank
Every company’s data set is categorized into mutually disjoint conflict of interest classes, which means the Chinese Wall Model prohibits any flow of information from Company A to Company B that would most certainly cause a conflict of interest. For example, if a consultant has insider information about Citi Bank, he/she cannot give that information to another bank. However, the consultant is free to give information to more than one organization if they are not competitors of any kind and there is no conflict of interest (Hsiao & Hwang, 2013).
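Because the decision depends on what a subject has already accessed, a Chinese Wall check needs per-subject history rather than static labels. The following is an added example, not part of the original essay; it implements the Brewer-Nash read and write rules without sanitized data, and the consultants, "Bank B", "Oil Co" and the conflict class names are constructed.

```python
# Constructed conflict-of-interest classes; only Citi Bank comes from the text.
CONFLICT_CLASSES = {
    "banking": {"Citi Bank", "Bank B"},
    "energy": {"Oil Co"},
}

class ChineseWall:
    def __init__(self, classes=CONFLICT_CLASSES):
        self.class_of = {c: name for name, members in classes.items() for c in members}
        self.history = {}   # subject -> companies whose data it has already read

    def can_read(self, subject, company):
        """Allowed if already inside this company's wall, or if nothing has been
        read from any other company in the same conflict class."""
        seen = self.history.get(subject, set())
        if company in seen:
            return True
        return all(self.class_of[c] != self.class_of[company] for c in seen)

    def read(self, subject, company):
        """Perform a read; a permitted read becomes part of the subject's history."""
        allowed = self.can_read(subject, company)
        if allowed:
            self.history.setdefault(subject, set()).add(company)
        return allowed

    def can_write(self, subject, company):
        """Brewer-Nash write rule: readable, and no other company's data read,
        so information cannot be carried across the wall indirectly."""
        seen = self.history.get(subject, set())
        return self.can_read(subject, company) and seen <= {company}

def demo():
    wall = ChineseWall()
    return [
        wall.read("alice", "Citi Bank"),       # first access: free choice
        wall.can_write("alice", "Citi Bank"),  # nothing else read yet
        wall.read("alice", "Bank B"),          # competitor of Citi Bank
        wall.read("alice", "Oil Co"),          # different conflict class
        wall.can_write("alice", "Citi Bank"),  # now holds Oil Co data too
        wall.read("bob", "Bank B"),            # bob has no Citi Bank history
    ]
```

The write rule is the stricter of the two: once a consultant has read data from a second company, even a non-competitor, writes to the first company's data set are refused.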
Balon, N., & Thabet (2004). The Biba Security Model. Retrieved from https://pdfs.semanticscholar.org/7360/c680906617622f27ef2596c7efcc902795db.pdf
Blake, S. Q. (2000). The Clark-Wilson Security Model. Retrieved from http://www.softpanorama.org/Access_control/Security_models/clark_wilson.shtml
Hsiao, Y.-C., & Hwang, G.-H. (2013). Chinese wall security model for workflow management systems with dynamic security policy. Journal of Information Science and Engineering, 29(3), 417-440.
UNC Computer Science (n.d.). Bell LaPadula Model. Retrieved from http://www.cs.unc.edu/~dewan/242/f96/notes/prot/node13.html