Security Models

Bell-LaPadula Model
The Bell-LaPadula model is a state machine model designed to enforce very strict access control to data. It does this by grouping the objects of a system into different “states” based on defined levels of security. When a subject wishes to move to a different state, he or she must execute a state transition, which requires a transition function to be executed. If the subject’s clearance level (plus any other security-related factors that the system requires) is at or above the required level, the transition will execute. This is where the read down, write up policy comes into play. If you are at a certain security level, you may read anything at or below your level. However, if you attempt to access objects in a state that your clearance does not cover, the transition function will reject you and you will not be able to view that data. Writes are restricted in the other direction: you cannot write to a state of lower clearance than your own, because that data would then be viewable by people who have lower clearance levels.

Biba Model
The Biba model is also a state-based model, with a very similar setup in terms of states and transitions. The biggest difference is that Biba is a read up, write down model. This works much like a basic chain of command. A person at the top of the chain may write something that is viewable by everyone below in the chain. Conversely, the top of the chain would have no interest in reading something written by someone at the bottom of the chain.

Chinese Wall Model
The Chinese Wall model is designed to control how much information is being accessed. The metaphor is that you are building a wall around yourself. Each object is grouped into a class; for example, banks would be one class and tech companies might be another. You are free to access any bank in the bank class that you want, but once you do, you are no longer allowed to access information about any other bank in the bank class. This model differs from the other models because it is focused on hiding specific information from a subject. At the start, you are free to see any information you want, which is very different from the other two models.
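
The three access rules described above, side by side, as an added example that is not part of the original page. The level names, company names, and function and class names are assumptions chosen for illustration.

```python
# Added illustration; level names, company names and function names are assumptions.
from enum import IntEnum

class Level(IntEnum):            # constructed ordering, low to high
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2

def blp_allows(subject: Level, obj: Level, op: str) -> bool:
    """Bell-LaPadula: read at or below your level, write at or above it."""
    if op not in ("read", "write"):
        raise ValueError(f"unknown operation: {op}")
    return subject >= obj if op == "read" else subject <= obj

def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Biba: the same comparison with both directions reversed."""
    if op not in ("read", "write"):
        raise ValueError(f"unknown operation: {op}")
    return subject <= obj if op == "read" else subject >= obj

class ChineseWall:
    """Access depends on history: the first company a subject touches in a
    class becomes the only company in that class the subject may access."""

    def __init__(self, classes: dict[str, set[str]]):
        self.class_of = {co: cls for cls, members in classes.items() for co in members}
        self.chosen: dict[str, dict[str, str]] = {}   # subject -> {class: company}

    def access(self, subject: str, company: str) -> bool:
        cls = self.class_of[company]                  # KeyError for an unknown company
        picks = self.chosen.setdefault(subject, {})
        # setdefault records the first pick; later picks must match it
        return picks.setdefault(cls, company) == company

def demo() -> dict:
    # Constructed sample data: two classes with two companies each.
    wall = ChineseWall({"banks": {"BankA", "BankB"}, "tech": {"TechX", "TechY"}})
    return {
        "blp_read_down": blp_allows(Level.SECRET, Level.PUBLIC, "read"),
        "blp_write_down": blp_allows(Level.SECRET, Level.PUBLIC, "write"),
        "biba_read_down": biba_allows(Level.SECRET, Level.PUBLIC, "read"),
        "biba_write_down": biba_allows(Level.SECRET, Level.PUBLIC, "write"),
        "wall_alice": [wall.access("alice", c) for c in ("BankA", "TechX", "BankA", "BankB")],
        "wall_bob": wall.access("bob", "BankB"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The Bell-LaPadula and Biba checks need only the two levels, while the Chinese Wall check also needs each subject's access history, which is why the same request for BankB is denied for one subject and granted for another.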