Information Security
Protection Model
In information security, protection models refer to the various methods and
techniques used to protect systems and data from unauthorized access, use,
disclosure, disruption, modification, or destruction.
Here are some common protection models:
1. Access Control Model
2. Confidentiality Model
3. Integrity Model
4. Availability Model
5. Defense in Depth Model
1) Access Control Model
• The Access Control Model is a security model that governs how users are
granted access to system resources and data.
• It determines the mechanisms and rules for authentication, authorization, and
accounting (AAA) in order to enforce proper access controls.
• The goal of the Access Control Model is to ensure that only authorized
individuals or processes are allowed to access specific resources or perform
certain actions within a system.
There are several types of Access Control Models, including:
1. Mandatory Access Control (MAC)
2. Discretionary Access Control (DAC)
3. Role-Based Access Control (RBAC)
4. Attribute-Based Access Control (ABAC)
5. Rule-Based Access Control (RBAC)
Mandatory Access Control (MAC)
• This model assigns security labels (e.g., security classifications or levels) to both
users and system resources.
• Access decisions are based on the labels and predefined access rules, which are
typically enforced by the operating system or security software.
Discretionary Access Control (DAC)
• In this model, access control decisions are left to the discretion of the resource
owner.
• Each resource has an associated Access Control List (ACL) that specifies the
permissions granted to individual users or groups.
Role-Based Access Control (RBAC)
• RBAC is based on the concept of roles.
• Users are assigned specific roles, and permissions are assigned to these roles
rather than to individual users.
• This simplifies administration and enables more efficient management of access
controls.
Attribute-Based Access Control (ABAC)
• ABAC takes into account various attributes or characteristics of users, resources,
and the environment to make access control decisions.
• Attributes such as user roles, time of access, location, and data classification can
be considered when determining access permissions.
Rule-Based Access Control (RBAC)
• Rule-based access control uses a set of predefined rules to determine access
permissions.
• These rules are based on conditions or criteria specified in policies and are
evaluated to determine whether access should be granted or denied.
• Each Access Control Model has its own advantages and is suitable for different
security requirements and environments.
• Organizations may choose to implement one or a combination of these models
based on their specific needs and risk tolerance.
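The same request evaluated under DAC, RBAC and ABAC, as an added example that is not part of the original notes. The users, roles, resource name, office-hours window and all function names are assumptions made for illustration; the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import time

# Constructed sample policy data; every name here is illustrative.
ACL = {"payroll.db": {"alice": {"read", "write"}, "bob": {"read"}}}  # DAC: set by the owner
USER_ROLES = {"alice": {"hr_manager"}, "bob": {"auditor"}}            # RBAC: user -> roles
ROLE_PERMS = {"hr_manager": {("payroll.db", "read"), ("payroll.db", "write")},
              "auditor": {("payroll.db", "read")}}                   # RBAC: role -> permissions
CLASSIFICATION = {"payroll.db": "confidential"}                      # ABAC: resource attribute

@dataclass(frozen=True)
class Request:
    user: str
    resource: str
    action: str
    location: str   # environment attribute
    at: time        # environment attribute

def dac_allows(req):
    """DAC: the resource's ACL lists what each user may do."""
    return req.action in ACL.get(req.resource, {}).get(req.user, set())

def rbac_allows(req):
    """RBAC: the permission must belong to one of the user's roles."""
    roles = USER_ROLES.get(req.user, set())
    return any((req.resource, req.action) in ROLE_PERMS.get(r, set()) for r in roles)

def abac_allows(req):
    """ABAC: user role, time of access, location and data classification all count."""
    if not rbac_allows(req):                      # user attribute: role
        return False
    if CLASSIFICATION.get(req.resource) == "confidential":
        in_hours = time(8, 0) <= req.at <= time(18, 0)
        return req.location == "office" and in_hours
    return True

def decide(req):
    """Evaluate one request under all three models; unknown names are denied."""
    return {"DAC": dac_allows(req), "RBAC": rbac_allows(req), "ABAC": abac_allows(req)}

if __name__ == "__main__":
    for r in (Request("alice", "payroll.db", "write", "office", time(10, 0)),
              Request("alice", "payroll.db", "write", "remote", time(23, 30)),
              Request("carol", "payroll.db", "read", "office", time(10, 0))):
        print(r.user, r.action, r.location, r.at, decide(r))
```

The second request is the instructive one: the ACL and the role both still say yes, and only the attribute check on location and time turns it down.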
2) Confidentiality Model
• A Confidentiality Model is a security model or framework that focuses on
protecting the confidentiality of information.
• It outlines the measures and mechanisms put in place to ensure that sensitive
information is only accessible to authorized individuals or entities and remains
confidential.
There are different confidentiality models used in information security, including:
1. Bell-LaPadula Model (BLP)
2. Biba Model
3. Clark-Wilson Model
4. Lattice-Based Model
5. Non-Interference Model
Bell-LaPadula Model (BLP)
• The BLP model is based on the concept of multilevel security and is primarily
used in government and military contexts.
• It enforces the “no read up, no write down” principle, meaning that a user or
process at a certain security level can only access or modify information at that
level or lower.
Biba Model
• The Biba model, also based on multilevel security, focuses on the integrity of
information.
• It enforces the “no write up, no read down” principle, ensuring that information
is not modified or accessed by entities with lower integrity levels.
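The two rule pairs named above, "no read up, no write down" and "no write up, no read down", written as label comparisons and replayed over a short trace (an added example, not part of the original notes). The level names, subjects, objects, the trace and the function names are constructed for illustration.

```python
from enum import IntEnum

class Level(IntEnum):          # constructed labels; higher = more sensitive / more trusted
    PUBLIC = 1
    SECRET = 2
    TOP_SECRET = 3

def blp_allows(subject, obj, op):
    """Bell-LaPadula: no read up, no write down. op is 'read' or 'write'."""
    return subject >= obj if op == "read" else subject <= obj

def biba_allows(subject, obj, op):
    """Biba: no read down, no write up. Levels are read as integrity levels."""
    return subject <= obj if op == "read" else subject >= obj

def read_rule_only(subject, obj, op):
    """Weakened policy for comparison: blocks read up, leaves writes unchecked."""
    return subject >= obj if op == "read" else True

def leaked_objects(trace, subjects, objects, policy):
    """Replay (subject, op, object) steps through `policy` and return the objects
    that end up holding data more sensitive than their own label."""
    holds = dict(objects)                        # most sensitive data in each object
    seen = {s: min(Level) for s in subjects}     # most sensitive data each subject has read
    for who, op, what in trace:
        if not policy(subjects[who], objects[what], op):
            continue                             # reference monitor denies this step
        if op == "read":
            seen[who] = max(seen[who], holds[what])
        else:
            holds[what] = max(holds[what], seen[who])
    return {o: lvl for o, lvl in holds.items() if lvl > objects[o]}

# Constructed scenario: a high-level subject copies what it read into a low-level file.
SUBJECTS = {"analyst": Level.TOP_SECRET, "clerk": Level.PUBLIC}
OBJECTS = {"plan.txt": Level.TOP_SECRET, "notice.txt": Level.PUBLIC}
TRACE = [("analyst", "read", "plan.txt"),
         ("analyst", "write", "notice.txt"),
         ("clerk", "read", "notice.txt")]

if __name__ == "__main__":
    print("read rule only:", leaked_objects(TRACE, SUBJECTS, OBJECTS, read_rule_only))
    print("full BLP      :", leaked_objects(TRACE, SUBJECTS, OBJECTS, blp_allows))
```

With only the read rule in force, TOP_SECRET data lands in notice.txt where the clerk can read it; with the write rule added, the second step is denied and nothing leaks.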
Clark-Wilson Model
• The Clark-Wilson model is designed to ensure the integrity and consistency of
data.
• It emphasizes the use of well-formed transactions, separation of duties, and
certification of integrity for data items.
Lattice-Based Model
• The lattice-based model provides a more flexible approach to confidentiality by
defining a lattice structure of security levels.
• It allows for more granular access control based on the sensitivity of
information and the need-to-know principle.
Non-Interference Model
• The non-interference model focuses on preventing unauthorized information
flows between users or processes with different security levels.
• It aims to ensure that the actions of higher-level users or processes do not
interfere with the actions or visibility of lower-level users or processes.
3) Integrity Model
• An Integrity Model in cybersecurity refers to a framework or set of principles
that ensures the integrity of data and information within a system or network.
• The primary objective of an integrity model is to prevent unauthorized or
unintended modification, alteration, or corruption of data.
There are several integrity models commonly used in information security:
1. Biba Model
2. Clark-Wilson Model
3. Non-Interference Model
4. Brewer-Nash Model (also known as the "CAP Theorem")
5. Trusted Computing Base (TCB) Model
Brewer-Nash Model
• The Brewer-Nash Model is also known as the “CAP Theorem”.
• The Brewer-Nash model focuses on the trade-off between consistency,
availability, and partition tolerance in distributed systems.
• It states that it is impossible to achieve all three properties simultaneously in a
distributed system.
• While not specifically an integrity model, it helps in understanding the
challenges and considerations for maintaining data integrity in distributed
environments.
Trusted Computing Base (TCB) Model
• The TCB model focuses on defining and protecting a trusted computing base,
which includes the hardware, software, and firmware components that are
essential for system integrity.
• It ensures that critical components are tamper-proof and protected from
unauthorized modifications.
• These integrity models, among others, provide guidelines and mechanisms for
maintaining the integrity of data and ensuring that unauthorized modifications or
corruption are prevented.
• Organizations adopt the appropriate integrity model based on their specific
security requirements, compliance needs, and the nature of the data they handle.
4) Availability Model
• The Availability Model in cybersecurity refers to a framework or set of principles
that ensure the continuous availability and accessibility of systems, networks, and
resources to authorized users.
• The primary objective of an availability model is to prevent or mitigate
disruptions, downtime, or denial-of-service (DoS) attacks that could impact the
availability of critical services.
Here are some common elements and considerations in an availability model:
1. Redundancy and Failover
2. Load Balancing
3. Fault Tolerance
4. Disaster Recovery and Business Continuity Planning
5. Distributed Denial-of-Service (DDoS) Mitigation
6. Incident Response and Incident Management
7. Scalability and Capacity Planning
8. Monitoring and Alerting
Redundancy and Failover
• Implementing redundant systems, networks, or components to ensure that if
one fails, another can take over seamlessly.
• This includes redundant power supplies, network links, servers, and data
centers.
Load Balancing
• Distributing network traffic or workload across multiple servers or systems to
prevent overloading and ensure optimal performance.
• Load balancing helps distribute resources effectively and maintain availability
during peak usage.
Fault Tolerance
• Designing systems with built-in capabilities to detect and recover from failures
automatically.
• This may involve technologies such as fault-tolerant hardware, clustering, or
replication of critical services.
Disaster Recovery and Business Continuity Planning
• Developing comprehensive plans and processes to recover systems and services
in the event of a major disruption or disaster.
• This includes data backups, off-site storage, and predefined procedures for
system recovery and business resumption.
Distributed Denial-of-Service (DDoS) Mitigation
• Implementing measures to detect and mitigate DDoS attacks, which aim to
overwhelm systems or networks with a flood of traffic or requests.
• This may involve traffic analysis, rate limiting, or deploying DDoS protection
services.
Incident Response and Incident Management
• Establishing incident response procedures to quickly identify and respond to
incidents that affect availability.
• This includes incident detection, containment, investigation, and recovery
processes.
Scalability and Capacity Planning
• Ensuring that systems and infrastructure can scale up or down to handle
increasing or fluctuating demands.
• This involves monitoring resource utilization, capacity planning, and ensuring
adequate resources are available to meet user demands.
Monitoring and Alerting
• Implementing robust monitoring systems to proactively detect and respond to
availability issues.
• This includes real-time monitoring of system health, network performance, and
service availability, along with alerting mechanisms to notify administrators of
potential issues.
• By adopting an availability model and implementing appropriate measures,
organizations can minimize downtime, ensure continuous access to critical
services, and mitigate the impact of disruptions or attacks on their systems and
networks.
5) Defense in Depth Model
• The Defense in Depth model, also known as layered security, is a cybersecurity
strategy that involves implementing multiple layers of defense to protect systems,
networks, and data.
• The goal is to create multiple barriers and safeguards to prevent or mitigate the
impact of security breaches and attacks.
• Each layer in the Defense in Depth model provides a unique set of security
controls and measures, collectively forming a robust and comprehensive security
posture.
Here are the key components or layers typically found in a Defense in Depth
model:
1. Perimeter Security
2. Network Security
3. Host-based Security
4. Application Security
5. Data Security
6. User Security
7. Physical Security
Perimeter Security
• The outermost layer focuses on securing the network perimeter and preventing
unauthorized access.
• It involves technologies like firewalls, intrusion detection systems (IDS),
intrusion prevention systems (IPS), and virtual private networks (VPNs) to control
and monitor incoming and outgoing traffic.
Network Security
• This layer involves securing internal networks, segments, and communication
channels.
• It includes technologies like network segmentation, VLANs, network access
control (NAC), and network monitoring tools to detect and mitigate
network-based threats.
Host-Based Security
• This layer focuses on securing individual devices, such as servers, workstations,
and endpoints.
• It involves implementing measures like antivirus software, host firewalls,
endpoint protection, and patch management to protect against malware,
unauthorized access, and vulnerabilities.
Application Security
• This layer emphasizes securing software applications and their underlying
platforms.
• It includes practices such as secure coding, input validation, access controls, and
web application firewalls (WAFs) to prevent common application-level attacks like
SQL injections, cross-site scripting (XSS), and code exploits.
Data Security
• This layer focuses on protecting sensitive data throughout its lifecycle.
• It involves encryption, data loss prevention (DLP), access controls, data
classification, and data backup strategies to ensure confidentiality, integrity, and
availability of data.
User Security
• This layer involves securing user accounts, authentication mechanisms, and user
behavior.
• It includes measures like strong password policies, multi-factor authentication
(MFA), user awareness training, and user access controls to mitigate risks
associated with compromised or malicious user accounts.
Physical Security
• This layer addresses physical threats to the infrastructure and facilities where
systems and data reside.
• It includes measures like access control systems, surveillance cameras, security
guards, and environmental controls to prevent unauthorized physical access,
theft, or damage.