UNIT 2:​

1. Access Control Models

Access control models define rules and policies that regulate how users can access resources.
They ensure security goals such as confidentiality, integrity, and availability.

2. Confidentiality Policies
Goals of Confidentiality Policies

●​ Prevent unauthorized access to sensitive information.

●​ Ensure that only users with proper clearance can access certain data.
●​ Commonly used in military, government, and corporate environments.

Bell-LaPadula (BLP) Model

The Bell-LaPadula model focuses on data confidentiality. It restricts access to information

based on hierarchical security levels.

Key Principles of Bell-LaPadula Model

1.​ Multilevel Security:

○​ Defines security levels such as Top Secret, Secret, Confidential, and
Unclassified.
○​ Users are assigned clearance levels, and data is classified accordingly.
2.​ Main Rules:
○​ "No Read Up" (Simple Security Rule):
■​ A user cannot read data at a higher classification level.
■​ Example: A "Confidential" user cannot read "Top Secret" files.
○​ "No Write Down" (Star Security Rule):
■​ A user cannot write to a lower classification level.
■​ Prevents information leakage by ensuring sensitive data is not written
into lower-security documents.
○​ Strong Star Rule:
■​ A user can only read and write at the same level.
■​ Prevents both unauthorized reading and writing.
3.​ Structure and Implementation:
○​ Uses a lattice-based access control system.
 ○​ Mandatory Access Control (MAC): Access is strictly enforced based on
security levels.

Use Cases

●​ Used in government, military, and classified projects to prevent unauthorized data

access.

3. Integrity Policies
Goals of Integrity Policies

●​ Maintain accuracy, consistency, and trustworthiness of data.

●​ Prevent unauthorized modifications or data corruption.

Biba Integrity Model

The Biba Model is the opposite of Bell-LaPadula. Instead of confidentiality, it enforces data
integrity.

Key Principles of Biba Model

1.​ "No Read Down" (Simple Integrity Rule):

○​ A subject cannot read data from a lower integrity level.
○​ Example: A high-trust software should not read unverified user inputs.
2.​ "No Write Up" (Star Integrity Rule):
○​ A subject cannot write data to a higher integrity level.
○​ Prevents untrusted applications from modifying high-integrity data.
3.​ Strong Star Rule:
○​ A subject can only read and write at the same integrity level.
○​ Ensures that only trusted applications modify trusted data.

Use Cases

●​ Used in financial systems, operating systems, and medical records to ensure data
remains unaltered.

Lipner’s Integrity Matrix Model

●​ Combines Biba's Integrity Model with Bell-LaPadula for both confidentiality and
integrity.
 ●​ Defines roles for users, data classifications, and access control policies.

Lipner’s Integrity Matrix Model (IMM) in the context of computer security, particularly focusing
on integrity principles. It combines the Bell-LaPadula (BLP) model (which enforces
confidentiality) and the Biba model (which enforces integrity) to create a hybrid policy for
securing commercial systems.

Key Takeaways from Lipner’s Model:

1.​ Separation of Duty – Critical steps in a process should be handled by different

individuals to reduce risk.
2.​ Separation of Function – Development and production should be strictly separated to
prevent unauthorized modifications.
3.​ Auditing – Logs and audit trails ensure accountability and recovery.
4.​ IMM Structure:
○​ Confidentiality Levels: Audit Manager (AM) and System Low (SL).
○​ Confidentiality Categories: Production (SP), Development (SD), and System
Development (SSD).
○​ Integrity Classifications: System Program (ISP), Operational (IO), and System
Low (ISL).
○​ Integrity Categories: Development (ID) and Production (IP).

Main Challenges:

●​ The model enforces strict integrity but requires modifications (e.g., handling transitions
between development and production).
●​ It may not be the most intuitive approach and could benefit from a completely new
modeling paradigm.

Clark-Wilson Integrity Model

Developed by David Clark and David Wilson for commercial security.

Key Principles of Clark-Wilson Model

1.​ Authentication: Users must be properly identified before accessing data.

2.​ Audit: All modifications must be logged to track who made changes.
3.​ Well-formed Transactions: Users cannot modify data arbitrarily—only approved
transactions are allowed.
4.​ Separation of Duties: Restricts users to specific actions based on their assigned
role.
Important Elements

●​ Constrained Data Items (CDIs): Protected objects (e.g., financial records).

●​ Unconstrained Data Items (UDIs): Objects that are not protected.
●​ Transformation Procedures (TPs): Approved operations that modify CDIs.
●​ Integrity Verification Procedures (IVPs): Checks that CDIs remain accurate.

Use Cases

●​ Used in banking, financial institutions, and enterprise software to maintain

transaction integrity.

Availability Issues and Policies

What is Availability in Information Security?

●​ Availability means that authorized users can access and modify information when
they need it.
●​ It ensures that important data and systems are always accessible to the right people.
●​ If availability is compromised, users cannot access critical resources, affecting
productivity and operations.

Why is Availability Important?

●​ Without availability, businesses, hospitals, banks, and other organizations cannot

function properly.
●​ Loss of access can lead to financial losses, operational disruptions, and a loss of
trust.
●​ Some sectors, like healthcare and emergency services, rely heavily on data
availability. A failure could have life-threatening consequences.

Factors Affecting Availability

Several issues can disrupt system availability, including:

1.​ Cyber Attacks:

○​ DDoS (Distributed Denial of Service) attacks flood a system with traffic,
making it slow or completely inaccessible.
○​ Malware (viruses, ransomware) can damage or lock data, making it unusable.
2.​ Technical Failures:
○​ Hardware failures (broken servers, storage crashes).
○​ Network outages (internet connection issues, cable cuts).
3.​ Natural Disasters:
○​ Earthquakes, floods, hurricanes can damage infrastructure.
 4.​ Human Errors:
○​ Accidental deletion or modification of important data.

Types of DoS (Denial of Service) Attacks

●​ Volume-Based Attacks: Overload a system with excessive traffic (e.g., UDP flood,
ICMP flood).
●​ Protocol Attacks: Exploit weaknesses in system protocols (e.g., SYN floods, Ping of
Death).
●​ Application Layer Attacks: Target specific applications to slow them down (e.g., HTTP
floods).
●​ Advanced Persistent DoS (APDoS): Sophisticated and prolonged attacks using
multiple methods.

Examples of Real DoS Attacks

●​ 2016 Dyn Attack: A massive cyberattack disrupted internet services worldwide.

●​ 2018 GitHub Attack: One of the largest recorded DoS attacks that temporarily took
GitHub offline.

How to Protect Availability? (Policies)

Organizations can take several steps to ensure data availability:

1.​ Redundant Systems: Have backup servers and power supplies.

2.​ Backup & Recovery: Regularly back up data to prevent permanent loss.
3.​ Incident Response Plan: Have a clear action plan for handling attacks or failures.
4.​ Security Controls: Use firewalls, intrusion detection systems (IDS), and access
control to block attacks.
5.​ System Monitoring: Continuously check network health to detect threats early.
6.​ Employee Training: Teach employees to avoid phishing emails and other risky
behaviors.
7.​ DoS Protection Services: Use third-party services that filter out malicious traffic.
8.​ Regular Updates: Keep software updated to fix security vulnerabilities.
9.​ Intrusion Prevention Systems (IPS): Detect and block malicious activities.

Hybrid Policies: Special Security Models

Some organizations need specialized security models:

Chinese Wall Model (Brewer and Nash Model)

●​ Used in businesses to prevent conflicts of interest.

●​ Example: If an advisor works with Bank A, they cannot work with Bank B because it
could create a conflict.
●​ Information is grouped into conflict of interest (COI) classes to prevent unethical
behavior.

Clinical Information Systems Security Policy

●​ Designed for protecting patient medical records.

●​ Ensures patient confidentiality, proper authentication, and data integrity.
●​ Only authorized clinicians can access or update medical records.

Final Thoughts

●​ Availability is a key part of cybersecurity, ensuring systems remain accessible to

authorized users.
●​ Organizations must implement preventive measures to protect against cyber threats,
technical failures, and disasters.
●​ Special security policies like the Chinese Wall Model and medical security policies
help handle unique industry needs.