Security Models.html
* created: 2026-04-23T18:42
* modified: 2026-04-23T18:50
Security Models
These describe criteria by which authorization systems are modeled.
Bell-LaPadula (BLP)
"No Read Up, No Write Down"
You can read things at or below your level and write things at or above your level. This protects only against data leaks, not against corruption.
Biba
"No Read Down, No Write Up"
Biba addresses the opposite concern: protecting data from being modified in untrusted ways. It's useful in environments where accurate and untampered data matters more than secrecy.
Mixed Salads
Subjects and objects are assigned both a confidentiality level (BLP) and an integrity level (Biba), with access mediated only through trusted transformation procedures (Clark-Wilson) that enforce well-formed transactions. Dynamic conflict-of-interest constraints (Brewer-Nash) further restrict which objects a subject may access based on that subject's access history, while the system guarantees that actions at one level produce no observable side-effects at another (Noninterference).
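A small reference monitor for the combined labelling described above, as an added example that is not part of the original notes. The names `Label`, `Monitor` and `check`, the integer levels and the conflict class "banks" are assumptions; Brewer-Nash is reduced to its history-based access rule, and Clark-Wilson and Noninterference are not modeled.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Label:
    conf: int   # confidentiality level (BLP); higher = more secret
    integ: int  # integrity level (Biba); higher = more trusted

def blp_allows(op, subj, obj):
    # "No read up, no write down"
    return subj.conf >= obj.conf if op == "read" else subj.conf <= obj.conf

def biba_allows(op, subj, obj):
    # "No read down, no write up"
    return subj.integ <= obj.integ if op == "read" else subj.integ >= obj.integ

@dataclass
class Monitor:
    # Brewer-Nash state: subject name -> {conflict class: dataset first accessed}
    history: dict = field(default_factory=dict)

    def check(self, name, op, subj, obj, coi=None, dataset=None):
        if op not in ("read", "write"):
            raise ValueError(f"unknown operation: {op}")
        if not blp_allows(op, subj, obj):
            return "deny: BLP"
        if not biba_allows(op, subj, obj):
            return "deny: Biba"
        if coi is not None:
            seen = self.history.setdefault(name, {})
            # First access in a conflict class pins the subject to that dataset.
            if seen.setdefault(coi, dataset) != dataset:
                return "deny: Brewer-Nash"
        return "allow"

if __name__ == "__main__":
    m = Monitor()
    analyst = Label(conf=2, integ=2)          # constructed sample labels
    objects = {"public_feed": Label(0, 0), "reference": Label(1, 3),
               "audit_log": Label(3, 1), "peer_doc": Label(2, 2)}
    for obj_name, lbl in objects.items():
        for op in ("read", "write"):
            print(f"{op:5} {obj_name:11} -> {m.check('alice', op, analyst, lbl)}")
    for ds in ("BankA", "BankB"):
        print("read", ds, "->", m.check("alice", "read", analyst, Label(1, 3), "banks", ds))
```

With both models enforced, the only object the sample subject can both read and write is one carrying exactly its own label.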