PrepAway - Latest Free Exam Questions & Answers


Which of the following security models focuses on data confidentiality and controlled access to
classified information?


A. Bell-La Padula model

B. Take-Grant model

C. Clark-Wilson model

D. Biba model

Explanation:
The Bell-La Padula Model is a state machine model used for enforcing access control in government
and military applications. The model is a formal state transition model of computer security policy
that describes a set of access control rules which use security labels on objects and clearances for
subjects. Security labels range from the most sensitive (e.g., “Top Secret”) down to the least
sensitive (e.g., “Unclassified” or “Public”).
The Bell-La Padula model focuses on data confidentiality and controlled access to classified
information, in contrast to the Biba Integrity Model which describes rules for the protection of data
integrity.
Answer option D is incorrect. The Biba model is a formal state transition system of computer security
policy that describes a set of access control rules designed to ensure data integrity. Data and
subjects are grouped into ordered levels of integrity. The model is designed so that subjects may not
corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level
than the subject.
Answer option C is incorrect. The Clark-Wilson model provides a foundation for specifying and
analyzing an integrity policy for a computing system. The model is primarily concerned with
formalizing the notion of information integrity. Information integrity is maintained by preventing
corruption of data items in a system due to either error or malicious intent.
The model’s enforcement and certification rules define data items and processes that provide the
basis for an integrity policy. The core of the model is based on the notion of a transaction.
Answer option B is incorrect. The take-grant protection model is a formal model used in the field of
computer security to establish or disprove the safety of a given computer system that follows
specific rules. It shows that for specific systems the question of safety, which is undecidable in
general, is decidable in linear time.
The model represents a system as a directed graph, where vertices are either subjects or objects. The
edges between them are labeled and the label indicates the rights that the source of the edge has
over the destination. Two rights occur in every instance of the model: take and grant. They play a
special role in the graph rewriting rules describing admissible changes of the graph.

