Sub Module version number: Version 0.1

Author of the sub module: Dr. Ping Chen

Code: OSS4

Objectives

This submodule covers different security policies and models.

Prerequisite

Description

Definition of a trusted system. Military security policy. Commercial security policies. Discussion of security models: Lattice model. Bell-La Padula confidentiality model. Biba integrity model. Graham-Denning model. Take-Grant systems..

Lecture Notes

Resources

Glossary

Bell-La Padula Security Model
Formal-state transition model of computer security policy that describes a formal set of (Access Controls) based on information sensitivity and subject authorizations.

Biba Integrity Model
A formal security model for the integrity of subjects and objects in a system.

Security Policies
The set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information.

Security Policy Model
A formal presentation of the security policy enforced by the system. It must identify the set of rules and practices that regulate how a system manages, protects, and distributes sensitive information.

Trustworthy System
Computer hardware, software, and procedures that: (1) are reasonably secure from intrusion and misuse; (2) provide a reasonably reliable level of availability, reliability, and correct operation; (3) are reasonably suited in performing their intended functions; and (4) adhere to generally accepted security principles.