Secure Software Development Certification Exam - CSSLP | Security Models in Computer Systems

Security Models in Computer Systems

Question

Which of the following security models characterizes the rights of each subject with respect to every object in the computer system?

Answers

Explanations


A. B. C. D.

The access matrix or access control matrix is an abstract, formal security model of protection state in computer systems that characterizes the rights of each subject with respect to every object in the system.

It was first introduced by Butler W. Lampson in 1971.

According to the access matrix model, the protection state of a computer system can be abstracted as a set of objects 'O', that is, the set of entities that need to be protected (e.g. processes, files, memory pages), and a set of subjects 'S' that consists of all active entities (e.g. users, processes).

Further, there exists a set of rights 'R' of the form r(s,o), where s ∈ S, o ∈ O and r(s,o) ⊆ R.

A right thereby specifies the kind of access a subject is allowed to process with regard to an object.

Answer: B is incorrect.

The Bell-La Padula Model is a state machine model used for enforcing access control in government and military applications.

The model is a formal state transition model of computer security policy that describes a set of access control rules which use security labels on objects and clearances for subjects.

Security labels range from the most sensitive (e.g., "Top Secret") down to the least sensitive (e.g., "Unclassified" or "Public").

The Bell-La Padula model focuses on data confidentiality and controlled …

The Clark-Wilson model provides a foundation for specifying and analyzing an integrity policy for a computing system.

The model is primarily concerned with formalizing the notion of information integrity.

Information integrity is maintained by preventing corruption of data items in a system due to either error or malicious intent.

The model's enforcement and certification rules define data items and processes that provide the basis for an integrity policy.

The core of the model is based on the rules designed to ensure data integrity.

Data and subjects are grouped into ordered levels of integrity.

The model is designed so that subjects may not corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level than the subject.

The security model that characterizes the rights of each subject with respect to every object in the computer system is the Access Matrix model.

Access Matrix is a protection model that describes the access control relationship between subjects and objects in a system. It is represented by a matrix, where the rows represent subjects, and the columns represent objects. Each entry in the matrix contains a set of access rights that determine what a subject can do with an object.

Subjects are active entities that can access resources in the system, such as users, processes, or applications. Objects, on the other hand, are passive entities that are accessed by subjects, such as files, directories, or devices.

Access rights define the types of actions that a subject can perform on an object, such as read, write, execute, or delete. Access rights can be granted or revoked by the owner of the object or by a system administrator.

The Access Matrix model allows for fine-grained access control, which means that access rights can be assigned at the individual level rather than at the group level. This allows for greater control over who can access which resources in the system.
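The matrix described above can be written as a small reference monitor. This is an added example, not part of the original page: the subject and object names are constructed, and modelling ownership as an "own" right inside the matrix is an assumption made here.

```python
# Added example: a sparse access matrix with default deny.
# Sample subjects/objects are constructed; the "own" right is an assumption.
RIGHTS = frozenset({"read", "write", "execute", "delete", "own"})  # the set R

class AccessMatrix:
    def __init__(self, subjects, objects):
        self.subjects, self.objects = set(subjects), set(objects)  # S and O
        self.cells = {}  # (s, o) -> r(s, o); a missing cell means no rights

    def rights(self, s, o):
        """Return r(s, o); raise if s or o is outside the protection state."""
        if s not in self.subjects or o not in self.objects:
            raise KeyError(f"unknown subject/object: {s!r}, {o!r}")
        return frozenset(self.cells.get((s, o), ()))

    def allowed(self, s, o, right):
        """Access check: default deny, and unknown names are denied too."""
        try:
            return right in self.rights(s, o)
        except KeyError:
            return False

    def _authorize(self, actor, o, admins):
        # Only the object's owner or an administrator may change a column.
        if actor not in admins and not self.allowed(actor, o, "own"):
            raise PermissionError(f"{actor} may not change rights on {o}")

    def grant(self, actor, s, o, new, admins=()):
        new = set(new)
        if not new <= RIGHTS:            # keep the invariant r(s, o) ⊆ R
            raise ValueError(f"not in R: {sorted(new - RIGHTS)}")
        self.rights(s, o)                # validates s ∈ S and o ∈ O
        self._authorize(actor, o, admins)
        self.cells.setdefault((s, o), set()).update(new)

    def revoke(self, actor, s, o, old, admins=()):
        self._authorize(actor, o, admins)
        self.cells.get((s, o), set()).difference_update(old)

def demo():
    m = AccessMatrix({"alice", "bob", "backup"}, {"payroll.db", "report.txt"})
    m.cells[("alice", "payroll.db")] = {"own", "read", "write"}  # initial state
    m.grant("alice", "bob", "payroll.db", {"read"})              # owner grants
    m.grant("root", "backup", "report.txt", {"read"}, admins={"root"})
    try:
        m.grant("bob", "bob", "payroll.db", {"write"})  # bob is not the owner
    except PermissionError:
        pass                                            # matrix is unchanged
    return m
```
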

The other security models listed in the question are as follows:

  • Clark-Wilson model: This model is used to ensure the integrity of data in a system. It uses a set of well-formed transactions to maintain the consistency and correctness of data. It enforces separation of duties and uses a strict set of rules to ensure that only authorized users can perform certain actions.

  • Bell-LaPadula model: This model is used to ensure confidentiality in a system. It uses a set of security classifications to label objects and subjects and enforces a set of rules that prevent unauthorized access to sensitive information.

  • Biba model: This model is used to ensure integrity in a system. It uses a set of integrity levels to label objects and subjects and enforces a set of rules that prevent unauthorized modifications to data.

In summary, the Access Matrix model characterizes the rights of each subject with respect to every object in the computer system, using a fine-grained access control matrix.