Information Security Models Pdf (EXTENDED)

Passive entities (files, databases, programs, or servers) containing information.

Every security model is designed to uphold specific objectives. These objectives are universally represented by two primary frameworks: the and the IAS Octet.

The CIA Triad

| Feature | Description |
| :--- | :--- |
| | Detailed explanations of CIA Triad (Confidentiality, Integrity, Availability), DAD (Disclosure, Alteration, Denial), and Parkerian Hexad. |
| Access Control Models | Breakdown of DAC (Discretionary), MAC (Mandatory), RBAC (Role-Based), and ABAC (Attribute-Based) with real-world examples. |
| Architectural & Framework Models | Bell–LaPadula (confidentiality focus), Biba (integrity focus), Clark-Wilson (commercial integrity), Brewer & Nash (Chinese Wall). |
| Governance & Risk Models | ISO/IEC 27001 controls mapping, NIST SP 800-53 overlay, COBIT alignment, and FAIR (quantitative risk analysis). |
| Threat Modeling Models | STRIDE (Microsoft), PASTA, Trike, VAST, and Attack Trees explained with diagrams. |
| Comparative Matrix | A visual table comparing each model by: primary goal (confidentiality/integrity/availability), industry use case, strengths, and limitations. |
| Case Studies | Real-world breaches mapped to which model would have prevented/mitigated them (e.g., Target breach → RBAC + Bell-LaPadula). |

Ensuring that a party to a transaction or communication cannot deny the authenticity of their signature or the transmission.

```
       [ Access Request ]
               |
               v
  +--------------------------+
  | Policy Enforcement Point | <--- Evaluates Attributes (User, Device, Environment)
  +--------------------------+
               |
      +--------+--------+
      |                 |
 [ Allowed ]       [ Denied ]
      |
      v
[ Secure Object ]
```

Attribute-Based Access Control (ABAC)

When an organization’s primary risk is data leakage or unauthorized access to sensitive information (such as military secrets or proprietary intellectual property), it deploys confidentiality-focused models.

The Bell-LaPadula Model

Security models have evolved significantly since the earliest days of computer security. The first models emerged in the 1970s, driven largely by military and government requirements for multilevel security systems. The Bell-LaPadula model, developed in 1973, remains one of the most influential and best-known models in the field. The 1970s also saw the development of the Biba model for integrity protection and the access control matrix model originally proposed by Lampson.

The Biba model defines its own set of strict properties, which are essentially the reverse of Bell-LaPadula's:

How to securely create and delete subjects (users) and objects (files).

Key Elements: It defines eight primitive protection rules, such as "how to create an object," "how to grant access," and "how to delete a subject." It bridges the gap between the abstract HRU matrix and real operating systems (like Linux/Unix).

Integrity (Preventing unauthorized data modification).

The Core Rule: "No Read Down, No Write Up."
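The "No Read Down, No Write Up" integrity rule above, set beside Bell-LaPadula's mirror-image confidentiality rule, as an added example that is not part of the original page. The four-step level ordering and all function names are assumptions made for illustration.

```python
from enum import IntEnum


class Level(IntEnum):
    """Constructed four-step ordering (an assumption, not from the page)."""
    LOW = 0
    MEDIUM = 1
    HIGH = 2
    SYSTEM = 3


def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Integrity rule: no read down, no write up."""
    if op == "read":
        return obj >= subject   # lower-integrity input would taint the subject
    if op == "write":
        return obj <= subject   # a subject must not taint higher-integrity data
    raise ValueError(f"unknown operation: {op!r}")  # fail closed


def blp_allows(subject: Level, obj: Level, op: str) -> bool:
    """Bell-LaPadula confidentiality rule: no read up, no write down."""
    if op == "read":
        return obj <= subject   # cannot read above own clearance
    if op == "write":
        return obj >= subject   # cannot leak information downward
    raise ValueError(f"unknown operation: {op!r}")  # fail closed


def both_allow(subject: Level, obj: Level, op: str) -> bool:
    """Both strict rules enforced together on one shared ordering."""
    return biba_allows(subject, obj, op) and blp_allows(subject, obj, op)


def permitted(check, subject: Level) -> set:
    """Every (object level, operation) pair the given check permits."""
    return {(o.name, op) for o in Level for op in ("read", "write")
            if check(subject, o, op)}


if __name__ == "__main__":
    for name, check in (("Biba", biba_allows), ("BLP", blp_allows),
                        ("both", both_allow)):
        print(f"{name:5}", sorted(permitted(check, Level.MEDIUM)))
```

When both rules are applied to the same ordering, a subject is left with read and write access only at its own level.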