Security Models.html
* created: 2026-04-23T18:42
* modified: 2026-05-22T18:31
Security Models
These describe criteria by which authorization systems are modeled.
Bell-LaPadula (BLP)
"No Read Up, No Write Down"
You can read things at or below your level and write things at or above your level. This protects only against data leaks, not against corruption. This model prioritizes confidentiality.
It's based around Mandatory Access Control in combination with Discretionary Access Control.

Given a subject (s) and an object (o):
Biba
"No Read Down, No Write Up"
Biba addresses the opposite concern: protecting data from being modified in untrusted ways. It's useful in environments where accurate and untampered data matters more than secrecy. This model prioritizes integrity.
It's a variant of Mandatory Access Control.
Clark-Wilson
This model structures data access around explicitly constrained resources. Access requests are handled by a transformation process that converts the request into permissions. These permissions are forwarded to the integrity verification process, which performs authentication and authorization. Unconstrained resources can be accessed without this procedure.
Chinese Wall
This model doesn't use a fixed hierarchy or integrity lattice. Instead it groups companies into conflict-of-interest classes (e.g. all oil companies in one class), and access history dynamically determines what a subject may access next.
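The history-driven decision described above, as an added example that is not part of the original notes. The company names, the conflict-of-interest classes and the ChineseWall class are assumptions constructed for illustration, and each company is treated as a single dataset.

```python
# Added example: Chinese Wall access decisions driven by access history.
# Company names and conflict-of-interest classes below are constructed.
from collections import defaultdict

# Conflict-of-interest (COI) class -> companies whose data belongs to it.
COI_CLASSES = {
    "oil": {"OilCo-A", "OilCo-B"},
    "banking": {"Bank-X", "Bank-Y"},
}
COMPANY_TO_CLASS = {c: cls for cls, members in COI_CLASSES.items() for c in members}


class ChineseWall:
    def __init__(self):
        # subject -> {COI class: the one company already accessed in it}
        self.history = defaultdict(dict)

    def may_access(self, subject, company):
        """Pure decision: does the subject's history permit this company?"""
        coi = COMPANY_TO_CLASS.get(company)
        if coi is None:
            return False  # unknown dataset: fail closed
        chosen = self.history[subject].get(coi)
        # Allowed if nothing in this class was touched yet, or it is the
        # same company the subject is already committed to.
        return chosen is None or chosen == company

    def access(self, subject, company):
        """Enforce the decision and record it; the record shapes later calls."""
        if not self.may_access(subject, company):
            return False
        self.history[subject][COMPANY_TO_CLASS[company]] = company
        return True


def demo():
    wall = ChineseWall()
    return [
        wall.access("alice", "OilCo-A"),  # first oil access: allowed
        wall.access("alice", "Bank-X"),   # different COI class: allowed
        wall.access("alice", "OilCo-B"),  # competitor of OilCo-A: denied
        wall.access("alice", "OilCo-A"),  # same company again: allowed
        wall.access("bob", "OilCo-B"),    # bob has no history: allowed
    ]


if __name__ == "__main__":
    print(demo())
```

The same request (OilCo-B) is denied for alice and allowed for bob: the policy is identical, only their access histories differ.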