Subjects Accessing Objects through Applications
Question
Which of the following security models dictates that subjects can only access objects through applications?
Answers
Explanations
A. B. C. D.

Answer: C.
The security model that dictates that subjects can only access objects through applications is the Bell-LaPadula model, which is option B in the given answers.
The Bell-LaPadula model is a formal state-transition model used in information security that specifies the rules for access control. The model is based on the concept of a multilevel security system that enforces confidentiality and integrity policies. It is designed to ensure that confidential information is not leaked to unauthorized parties, and that data is not corrupted or modified by unauthorized entities.
In the Bell-LaPadula model, access is granted based on the level of clearance of the subject (user) and the sensitivity of the object (data). The model assumes that there are multiple levels of security clearance, with each level providing access to a different level of information. For example, a top-secret clearance grants access to information classified as top secret, secret, and confidential, while a secret clearance provides access to secret and confidential information only.
The Bell-LaPadula model distinguishes between two types of access: read access and write access. The model enforces the "no read up" and "no write down" rules, which mean that a subject with a lower clearance level cannot read or write information at a higher level. This ensures that confidential information is not disclosed to unauthorized users.
The Bell-LaPadula model also enforces the "application-only" rule, which means that subjects can only access objects through applications. This ensures that users cannot bypass the access controls implemented by the system by accessing objects directly.
The other security models mentioned in the question are as follows:
- The Biba-Clark model is a security model that enforces integrity policies. It is based on the concept of integrity levels, which are assigned to both subjects and objects. The model enforces the "no read down" and "no write up" rules, which mean that a subject with a higher integrity level cannot write to an object with a lower integrity level, and a subject with a lower integrity level cannot read from an object with a higher integrity level.
- The Clark-Wilson model is a security model that enforces integrity and access control policies. It is based on the concept of transactions, which are used to ensure that data is accessed and modified in a controlled and auditable manner. The model uses the concepts of constrained data items and transformation procedures to ensure that data is transformed in a controlled and authorized manner.
- The Biba model is a security model that enforces integrity policies. It is based on the concept of integrity levels, which are assigned to both subjects and objects. The model enforces the "no read up" and "no write down" rules, which mean that a subject with a higher integrity level cannot read from an object with a lower integrity level, and a subject with a lower integrity level cannot write to an object with a higher integrity level.