According to Dorothy E. Denning, “the lattice properties permit concise formulations of the security requirements of different existing systems and facilitate the construction of mechanisms that enforce security.” Which of the following is not a lattice-based access control model? (Wentz QOTD)
A. Biba model
B. Clark-Wilson model
C. Brewer and Nash model
D. Bell-LaPadula (BLP) model
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. Clark-Wilson model.
“A lattice is an abstract structure studied in the mathematical subdisciplines of order theory and abstract algebra. It consists of a partially ordered set in which every two elements have a unique supremum (also called a least upper bound or join) and a unique infimum (also called a greatest lower bound or meet).” (Wikipedia)
Lattice in security is commonly used to control information flow between security levels/categories or compartments. Classification and labeling are two primary characteristics of lattice-based access control.
Lattice-based Access Control
Ravi S. Sandhu reviewed three lattice-based access control models (Bell-LaPadula, Biba, and Chinese Wall) in this paper, Lattice-Based Access Control Models, which showed how the Chinese Wall policy could be enforced in a lattice framework and said:
Lattice-based access control models were developed to deal with information flow in computer systems. Information flow is clearly central to confidentiality. As we will see it also applies to integrity to some extent. Its relationship to availability is tenuous at best. Thus, these models are primarily concerned with confidentiality and can deal with some aspects of integrity.
Bell-LaPadula Model
Biba Model
Brewer and Nash model
The Brewer and Nash model classifies datasets into conflict-of-interest classes and labels them to apply access control dynamically based on the subject’s access history (aka history-based).
Clark-Wilson Model
The Clark-Wilson model has two features: well-formed transactions and separation of duties. It relies on “programs” to enforce integrity instead of controlling information flow for confidentiality.
David D. Clark and David R. Wilson said in their paper, A Comparison of Commercial and Military computer Security Policies:
This paper presents a policy for data integrity based on commercial data processing practices, and compares the mechanisms needed for this policy with the mechanisms needed to enforce the lattice model for information security. We argue that a lattice model
is not sufficient to characterize integrity policies, and that distinct mechanisms are needed to control disclosure and to provide integrity…First, with these integrity controls, a data item is not necessarily associated with a particular security level, but rather with a set of programs permitted to manipulate it. Second, a user is not given authority to read or write certain data items, but to execute certain programs on certain data items…
Reference
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.
根據Dorothy E. Denning的說法,“晶格(lattice)屬性允許簡明地表述不同現有系統的安全性要求,並有助於構建實施安全性的機制。” 以下哪個不是基於晶格(lattice)的訪問控制模型?(Wentz QOTD)
A. Biba model
B. Clark-Wilson model
C. Brewer and Nash model
D. Bell-LaPadula (BLP) model
Pingback: 基於格的訪問控制模型(a lattice-based access control model) – Choson資安大小事