CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [163]
FIGURE 6.13 The Clark-Wilson model
Let’s say you were working on a software product as part of a team. You might need to access certain code to include in your programs. You aren’t authorized to modify this code; you’re merely authorized to use it. You would use a checkout program to get the code from the source library. Any attempt to put modified code back would be prevented. The developers of the code in the source library would be authorized to make changes. This process would ensure that only people authorized to change the code could accomplish the task.
The Clark-Wilson model focuses on business applications and consistency.
Information Flow Model
The Information Flow model is concerned with the properties of information flow, not only the direction of the flow. Both the Bell La-Padula and Biba models are concerned with information flow in predefined manners; they’re considered Information Flow models. However, this particular Information Flow model is concerned with all information flow, not just up or down. This model requires that each piece of information have unique properties, including operation capabilities. If an attempt were made to write lower-level information to a higher level, the model would evaluate the properties of the information and determine if the operation were legal. If the operation were illegal, the model would prevent it from occurring. Figure 6.14 illustrates this concept.
FIGURE 6.14 The Information Flow model
Let’s use the previous software project as an example. A developer might be working with a version of the software to improve functionality. When the programmer had made improvements to the code, she would want to put that code back into the library. If the attempt to write the code were successful, the code would replace the existing code. If a subsequent bug were found in the new code, the old code would have been changed. The solution would be to create a new version of the code that incorporated both the new code and the old code. Each subsequent change to the code would require a new version to be created. While this process might consume more disk space, it would prevent things from getting lost, and it would provide a mechanism to use or evaluate an older version of the code.
Noninterference Model
The Noninterference model is intended to ensure that higher-level security functions don’t interfere with lower-level functions. In essence, if a higher-level user were changing information, the lower-level user wouldn’t know or be affected by the changes. This approach prevents the lower-level user from being able to deduce what changes are being made to the system. Figure 6.15 illustrates this concept. Notice that the lower-level user isn’t aware that any changes have occurred above them.
FIGURE 6.15 The Noninterference model
Let’s take one last look at the software project with which we’ve been working. If a system developer were making changes to the library that was being used by a lower-level programmer, changes could be made to the library without the lower-level programmer being aware of them. This would allow the higher-level developer to work on prototypes without affecting the development effort of the lower-level programmer. When the developer finished the code, he could publish it to lower-level programmers. At this point, all users would have access to the changes, and they could use them in their programs.
Summary
In this chapter, I covered the key elements of physical security, social engineering, and the environment. This chapter also showed you how business continuity, information security, and access models work.
Physical security measures