Which of the following models does NOT include data integrity or conflict of interest?
Click on the arrows to vote for the correct answer
A. B. C. D.C.
Bell LaPadula model (Bell 1975): The granularity of objects and subjects is not predefined, but the model prescribes simple access rights.
Based on simple access restrictions the Bell LaPadula model enforces a discretionary access control policy enhanced with mandatory rules.
Applications with rigid confidentiality requirements and without strong integrity requirements may properly be modeled.
These simple rights combined with the mandatory rules of the policy considerably restrict the spectrum of applications which can be appropriately modeled.
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Also check: Proceedings of the IFIP TC11 12th International Conference on Information Security, Samos (Greece), May 1996, On Security Models.
The correct answer is D. Brewer-Nash.
Biba, Clark-Wilson, and Bell-LaPadula are all security models that include data integrity and address conflicts of interest.
The Biba model is a security model that focuses on data integrity. It defines a set of rules for controlling the flow of information in a system to ensure that data is not corrupted or modified by unauthorized access. The Biba model has two key principles: the integrity axiom, which states that data can only be written to a lower integrity level, and the no read-up axiom, which states that data can only be read by a subject at an equal or higher integrity level.
The Clark-Wilson model is a security model that addresses the problem of conflicts of interest in information systems. It defines a set of rules for ensuring that data is accessed and modified only by authorized users and in authorized ways. The Clark-Wilson model includes a separation of duties between users and a set of rules for ensuring that data is accessed and modified only in authorized ways.
The Bell-LaPadula model is a security model that focuses on confidentiality and addresses conflicts of interest. It defines a set of rules for controlling access to classified information in a system. The Bell-LaPadula model has two key principles: the no read-down axiom, which states that a subject at a higher security level cannot read data at a lower security level, and the no write-up axiom, which states that a subject at a lower security level cannot modify data at a higher security level.
The Brewer-Nash model, also known as the CAP theorem, is not a security model that includes data integrity or conflict of interest. Instead, it is a theorem that addresses the trade-offs between consistency, availability, and partition tolerance in distributed systems. It states that it is impossible for a distributed system to simultaneously provide all three guarantees, and that systems must choose to optimize for two at the expense of the third.