Which of the following security models focuses on data confidentiality and controlled access to
classified information?
A.
Clark-Wilson model
B.
Biba model
C.
Take-Grant model
D.
Bell-La Padula model
Explanation:
The Bell-La Padula Model is a state machine model used for enforcing access
control in government and military applications. The model is a formal state transition model of
computer security policy that describes a set of access control rules which use security labels on
objects and clearances for subjects. Security labels range from the most sensitive (e.g.,”Top
Secret”), down to the least sensitive (e.g., “Unclassified” or “Public”).
The Bell-La Padula model focuses on data confidentiality and controlled access to classified
information, in contrast to the Biba Integrity Model which describes rules for the protection of data
security policy that describes a set of access control rules designed to ensure data integrity. Data
and subjects are grouped into ordered levels of integrity. The model is designed so that subjects
may not corrupt data in a level ranked higher than the subject, or be corrupted by data from a
for specifying and analyzing an integrity policy for a computing system. The model is primarily
concerned with formalizing the notion of information integrity. Information integrity is maintained by
preventing corruption of data items in a system due to either error or malicious intent. The model’s
enforcement and certification rules define data items and processes that provide the basis for an
incorrect. The take-grant protection model is a formal model used in the field of computer security
to establish or disprove the safety of a given computer system that follows specific rules. It shows
that for specific systems the question of safety is decidable in linear time, which is in general
undecidable. The model represents a system as directed graph, where vertices are either subjects
or objects. The edges between them are labeled and the label indicates the rights that the source
of the edge has over the destination. Two rights occur in every instance of the model: take and
grant. They play a special role in the graph rewriting rules describing admissible changes of the
graph.