Security Model
In information security, models provide a way to formalize security policies. Such models can be abstract or intuitive. All models are intended to provide an explicit set of rules that a computer can follow to implement the fundamental security concepts, processes, and procedures that make up a security policy. The models offer a way to deepen your understanding of how a computer operations system should be designed and developed to support a specific security policy. No system can be totally secure; security professionals have several security models to consider.
Let’s say you work for one of the following types of industry:
- Manufacturing
- Government
- Research
- Service
- Consulting
Choose a different industry than from last week’s discussion, and then from the list below, select a model and summarize the model as you understand it. State why you might use this model in your job. Include at least one advantage and disadvantage of the model you’ve chosen. Include a real-life example of the model in use.
Make sure to include any special or unique security feature for the model.
- Trusted computing base
- State machine model
- Information flow model
- Noninterference model
- Take-Grant model
- Access control matrix
- Bell-LaPadula model
- Biba model
- Clark-Wilson model
- Brewer and Nash model (also known as the Chinese wall)
- Goguen-Meseguer model
- Sutherland model
- Graham-Denning model