A security model as a design has to “formalize (define)”. Information security models are methods used to authenticate security policies, since their objective is to provide a precise set of rules that a computer can follow to implement the fundamental security concepts, processes and procedures contained in a security policy. These models can be abstract or intuitive. The Clark-Wilson model is an integrity model that was developed from the Biba model.
It approaches the protection of integrity from a different perspective. Instead of using a lattice structure, it implements a subject-program-object or three-part relationship. Subjects have access to objects exclusively through programs. In this model, the actions of the subject with a higher level of security should influence the actions of a subject with a lower level of security. I am studying to take the CISSP exam and am having difficulty understanding the difference between security models and security control frameworks.
Biba focuses on preventing information from going from a low level of security to a high level of security. When each state moves to another secure state, the system becomes a secure state machine. Bell-lapadula focuses on blocking the flow of information from a high level of security to a low level of security. The non-interference model is based on the information flow model, but addresses how the actions of a subject with a higher level of security affect the state of the system or the actions of a subject with a lower level of security.
All state transitions must be examined and, if all components of the state meet the requirements of the security policy, the state is considered safe.