3

I'm currently studying for the CISSP exam and would like to ensure that I'm using proper terminology when referring to models. I'm a little confused because I'm coming across generic and specific labels; all of which seem to be referred to as "models".

For example, there are terms like Information Flow, State Machine, Non-Interference. Likewise, there are terms like Bell LaPadula and BIBA. Are these all referred to as "models"? Or is there a term used for the official/formal models?

AviD
  • 72,138
  • 22
  • 136
  • 218
Mike B
  • 3,336
  • 4
  • 29
  • 39

3 Answers3

7

Information flow, state machines and non-interference are more like 'theoretical concepts'.

You can say that the Bell LaPadula model is an implementation of an information flow concept and BIBA is a model build on a state machine concept.

I don't know if this helps.

john
  • 10,968
  • 1
  • 36
  • 43
  • Hi John. That's exactly what I wanted to know. Would you happen to know if your description is consistent with the CISSP terminology? – Mike B May 18 '11 at 21:16
  • 1
    @Mike B I'm afraid I don't know about CISSP terminology, but I can't be much different than that. What you need to know is that BLP is a model that works based on flows of information for example, so that information can't flow from high to low, either by reading or writing. – john May 19 '11 at 11:56
2

I don't think it's important to know whether these are "models". (I know nothing about CISSP, but if that's the kind of thing CISSP wants you to memorize, CISSP is inane.)

That said, yes I'd say that Bell-Lapadula and Biba might well be called theoretical security models. Non-interference is in the same territory. Information flow too.

But the more important thing is to understand what the Bell-Lapadula and Biba models are, than to know what is the right keyword to attach to them.

D.W.
  • 98,420
  • 30
  • 267
  • 572
  • 1
    Thanks D.W. that makes sense. I'm anticipating I'll be asking more questions in the future and want to make sure I'm clearly expressing myself. – Mike B May 20 '11 at 17:37
1

@john, Biba is an 'dual' of Bell-LaPadula, Biba is about integrity, BLP is about confidentiality. They are very similar in nature, they both do the 'no write up, no read down' sort of rules.

Wikipedia says they concern themselves with 'state transition models' and while that's correct, that's not the full truth; it actually obscures the real problem with both of these models. Neither of these models concerns itself with the initial state, and for any system to be considered secure, the system must start in a secure state, and perform only allowed (secure) transitions. So the 'state transition model' might not be the best name for it, as it sounds as if it was a set of rules governing a state-diagram of security, but in fact, they don't. They are looking only at the transformations, and not at the state they're in.

But to get to the main topic, non-interference principle is the main idea behind the Goguen-Meseguer model. Biba/BLP are just other models. Information flow and state machines are just concepts used to describe various models.

Marcin
  • 2,508
  • 1
  • 15
  • 14
  • thank you, I'm aware of the models and their definitions. The 'state transition' part is indeed confusing for normal security people. But states are very real on those models, because they are based in mathematical notation, and they have absolute states (e.g. a state consists of all current permissions and all current instances of subjects accessing the objects). Also the transitions are governed by real mathematical rules. I purposefully made my answer simple because I don't think Mike would like those details or details about initial states. Maybe I oversimplified. – john May 24 '11 at 18:56
  • Now that I think of it I may rewrite my answer to make things more clear. – john May 24 '11 at 18:58