Chapter 1

Computer security encompasses measures to protect the confidentiality, integrity, and availability of information stored on computers, including physical, network, application, and data security. It involves understanding threats and attacks, implementing security functional requirements, and adhering to design principles to mitigate risks. A comprehensive security strategy includes a security policy, implementation of protective measures, and assurance through evaluation of security effectiveness.

Uploaded by

hemantbhatta003

What is Computer Security?

Computer security refers to the measures and controls that ensure the confidentiality, integrity,
and availability of the information processed and stored by a computer. This includes everything
from protecting physical information assets, to data security and computer safety practices.

Key Aspects of Computer Security


1. Confidentiality: Protecting sensitive information from unauthorized access, use,
disclosure, disruption, modification, or destruction.
2. Integrity: Ensuring that data is accurate, complete, and not modified without
authorization.
3. Availability: Ensuring that data and systems are accessible and usable when needed.

Types of Computer Security


1. Physical Security: Protecting computer systems and data from physical threats, such as
theft, damage, or unauthorized access.
2. Network Security: Protecting computer networks from unauthorized access, use, or
disruption.
3. Application Security: Protecting software applications from vulnerabilities and attacks.
4. Data Security: Protecting sensitive data from unauthorized access, use, or disclosure.

Importance of Information Security


1. Protection of Valuable Data: Computer security helps protect sensitive information, such
as financial data, personally identifiable information, and intellectual property.
2. Prevention of Unauthorized Access: Computer security prevents unauthorized access to
computer systems, networks, and data.
3. Protection of Computer Systems: Computer security helps protect computer systems from
malware, viruses, and other cyber threats.
4. Compliance with Regulations: Computer security helps organizations comply with
regulatory requirements and industry standards.

What is a Threat?
A threat is a possible security violation that might exploit a vulnerability or weakness
of a system or asset.
The origin of a threat may be accidental, environmental (natural disaster), human
negligence, or human failure.
The different types of security threats are interruption, interception, fabrication, and
modification.
Types of Threats

1. Unstructured Threats: Unstructured threats are typically executed by inexperienced
individuals using easily accessible hacking tools such as shell scripts and password crackers. Even
if executed only to test the attacker's skills, they can cause significant damage to a company.
2. Structured Threats: A structured threat involves an organized attempt to breach or harm a
specific network or organization. These threats come from highly motivated and technically
skilled attackers.
3. External Threats: External threats come from outside the organization. The attackers gain
unauthorized access to the computer systems and network, typically entering the network via
the Internet.
4. Internal Threats: An internal threat originates from an authorized user of the organization, e.g.
someone with physical access or with a server username and password.
What is an Attack?
An attack is an intentional or planned unauthorized action on a system or asset. Attacks can be
classified as active and passive attacks. An attack will have a motive and will follow a method
when the opportunity arises.

Any number of motives could inspire an attacker; two motives already touched on are
financial gain and gathering intelligence.

Types of Attack
● Active Attack: Active attacks aim to manipulate system resources or affect their
operation.
● Passive Attack: Passive attacks aim to extract sensitive information from a system
without affecting its resources. A passive attack is more dangerous than an active attack.

Primary Classes of Attack

● Investigation >> survey or exploration of the target
● Denial of service >> multiple requests for services
● Worms, viruses, and Trojan horses >> data theft, duplication or phishing

Difference between Threat and Attack

Threat | Attack
Can be intentional or unintentional. | An attack is intentional.
May or may not be malicious. | An attack is malicious.
A circumstance that can cause damage. | The objective is to cause damage.
Information may or may not be altered or damaged. | The chance of information alteration and damage is very high.
Comparatively hard to detect. | Comparatively easy to detect.
Can be blocked by controlling vulnerabilities. | Cannot be blocked by just controlling the vulnerabilities.
Can be initiated by the system itself as well as by outsiders. | Always initiated by an outsider (system or user).
Classified into physical, internal, external, human, and non-physical threats. | Classified into viruses, spyware, phishing, worms, spam, DoS attacks, ransomware, and breaches.
What are the Security Functional Requirements?
Security functional requirements in information security refer to the specific functionalities and
capabilities that a system or software must have in order to provide sufficient protection against
unauthorized access.
1. Access Control: Limit information system access to authorized users.
2. Awareness and Training: Ensure that employees are adequately trained to carry out their
assigned information security duties and responsibilities.
3. Audit and Accountability: Ensure that the actions of each individual information system user
can be uniquely traced to that user, so they can be held accountable for their actions.
4. Certification: Monitor information system security controls on an ongoing basis to
ensure the continued effectiveness of the controls.
5. Configuration Management: Establish and maintain baseline configurations and
inventories of organizational information systems (including hardware, software, firmware
and documentation).
6. Contingency Planning: Establish, maintain and implement plans for emergency response,
backup operations and post-disaster recovery for organizational information systems.
7. Identification and Authentication: Identify information system users and authenticate
(or verify) the identities of those users before allowing access to organizational information
systems.
8. Incident Response: Establish an operational incident-handling capability for
organizational information systems.
9. Maintenance: Perform periodic and timely maintenance on organizational information
systems.
10. Media Protection: Protect information system media, both paper and digital.
11. Physical and Environmental Protection: Limit physical access to equipment.
What are Security Design Principles?

When designing any security system we need to consider certain security principles. These principles are
reviewed to develop a secure system that prevents security flaws (weaknesses) and also prevents
unwanted access to the system. Companies consider security from the start of a project and use
software developed by engineers with the aim of reducing the possibility of defects that could compromise a
company's information security.
1. Economy of mechanism: Keep the IT security design as simple as possible, so that it is easily
understood and errors can be corrected. A simple security mechanism is easier to understand
and to fix when it goes wrong.
2. Fail-safe defaults: The default action should always be to deny access. If an action fails, the system
should remain as secure as it was when the action began. E.g. if a firewall fails, all traffic is blocked;
the policy determines which traffic should be accepted or denied.
3. Complete mediation: Apply access control in every module; otherwise a single
user could access all modules in the security system. Checking every access can slow down the system
and increase cost, but if permissions change later and a check is skipped, unauthorized access may result.
4. Open design: The security design should be open, i.e. openly available (e.g. Linux). As with a
cryptographic algorithm, the encryption key is kept secret while the encryption algorithm is
open to public investigation.
5. Separation of privilege: Do not grant access to any user or process on a single authentication;
require multiple factors of authentication. Password >> verification >> access.
6. Least privilege: Each user should be able to access the system with the least privilege needed.
A user has access only to the particular part of the system associated with them, e.g. a network user is able to log in to
network devices, but a programming user is not. Only those limited privileges that are essential to perform
the desired task should be assigned to the user. E.g. role-based access control (RBAC).
7. Least common mechanism: Share the minimum of functions among users, so that one user does not
compromise the whole system. E.g. if a single file shared with everyone is compromised, the remaining
system stays unaffected.
Attack Surface
The attack surface is the set of all possible points, or attack vectors, where an unauthorized user can access
a system and extract data. The smaller the attack surface, the easier it is to protect.
Organizations must constantly monitor their attack surface to identify and block potential threats as
quickly as possible. They must also try to minimize the attack surface area to reduce the risk of cyber
attacks succeeding. However, doing so becomes difficult as they expand their digital footprint and adopt new
technologies.
Common vulnerabilities include any weak point in a network that can result in a data breach. This
includes devices, such as computers, mobile phones, and hard drives, as well as users themselves
leaking data to attackers.
Other vulnerabilities include the use of weak passwords, a lack of email security, open ports, and a
failure to update software, which offers an open backdoor for attackers to target and exploit users and
organizations. Another common attack surface is weak web-based protocols (HTTP/HTTPS), which can be
exploited by attackers to steal data through man-in-the-middle (MITM) attacks.
Here are some examples of attack surfaces:
1. Physical Office Space: A business's physical office is an attack surface. An attacker can try to gain unauthorized access to
the office by breaking and entering, or by exploiting vulnerabilities in the building's security systems.
2. Domain Names: A company's domain names are an attack surface (e.g. for a DoS attack). An attacker can try to compromise
the domain name by sending an enormous number of requests to it.
3. SSL Certificates: A company's SSL certificates are an attack surface. An attacker can try to compromise the certificates by
exploiting vulnerabilities in the certificate authority or by using techniques like certificate forgery.
4. Network Services: A company's network services, such as email, file sharing, and remote access, are an attack surface. An
attacker can try to compromise these services by exploiting vulnerabilities in the software or by using techniques like phishing
and social engineering.
5. Software and Operating Systems: A company's software and operating systems are an attack surface. An attacker can try
to compromise these systems by exploiting vulnerabilities in the code or by using techniques like buffer overflow attacks.
6. Endpoints: A company's endpoints, such as laptops, desktops, and mobile devices, are an attack surface. An attacker can
try to compromise these devices by exploiting vulnerabilities in the software or by using techniques like malware and
phishing.
Attack Tree

● Attack trees are hierarchical diagrams that show the potential methods for exploiting
security vulnerabilities. At the root of the tree lies the targeted security incident, with
branches and sub-nodes below it. The approach uses a visual representation of interconnected
issues that lead to a single major fault, and as such attack trees are an effective way of
performing root cause analysis.
● Applying the same logic to cyber security, you can investigate the different ways that a
system might be attacked, or how an attacker might achieve a specific objective.
● A node within the tree can be either AND or OR.
● By using attack trees, IT professionals gain insight into potential threats, identify
vulnerabilities, prioritize security measures and advise on effective ways to mitigate risk.
Functions of an Attack Tree
● Visualization: It provides a clear visualization of the attack surface, highlighting potential
weaknesses and pathways for attack. This helps security professionals understand how an
attacker might exploit vulnerabilities in their network.
● Logical Relationship: The tree structure illustrates the logical relationship between
different attack methods. Each level represents the conditions necessary for the attacker to
advance further.
● Brainstorming tool: It is a collaborative tool that helps to identify potential threats and
uncover attacks that may have been overlooked (failed to notice).

[Figure: attack tree. Root "Get Database Access" (OR). Left branch (AND): "Phishing email is sent" and "User opens email". Right branch "Get access to admin computer" (OR): "Remote access" or "Get office key".]
Example: User becomes a victim of phishing

1. A phishing email is sent AND the user opens the phishing email,

2. OR the attacker gets access to the admin computer, and the computer system is
either remotely accessible OR the attacker gets the office key.
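The AND/OR structure above can be evaluated mechanically. The following is an added example (not part of the original notes) that encodes the phishing attack tree from the figure and answers the defender's question: given which leaf conditions the existing controls close, is the root goal still reachable, and which complete attack paths remain? Node names are taken from the figure; the functions and the "blocked" set are constructed for the example.

```python
# Added example (not from the original notes): a small AND/OR attack-tree
# evaluator. Leaf nodes are attacker preconditions; internal nodes combine
# their children with AND (all required) or OR (any suffices).
from dataclasses import dataclass, field
from typing import List, Set


@dataclass
class Node:
    name: str
    op: str = "LEAF"                      # "AND", "OR" or "LEAF"
    children: List["Node"] = field(default_factory=list)


def reachable(node: Node, blocked: Set[str]) -> bool:
    """True if the attacker can still achieve `node` when the leaves named in
    `blocked` have been mitigated by a control."""
    if node.op == "LEAF":
        return node.name not in blocked
    results = [reachable(c, blocked) for c in node.children]
    return all(results) if node.op == "AND" else any(results)


def attack_paths(node: Node) -> List[Set[str]]:
    """Enumerate the minimal sets of leaves that together reach `node`.
    Each set is one attack path; the defender must break every one of them."""
    if node.op == "LEAF":
        return [{node.name}]
    child_paths = [attack_paths(c) for c in node.children]
    if node.op == "OR":
        return [p for paths in child_paths for p in paths]
    # AND: combine one path from each child
    combos: List[Set[str]] = [set()]
    for paths in child_paths:
        combos = [c | p for c in combos for p in paths]
    return combos


# The tree from the notes: the root is reached either by the phishing chain
# (email sent AND user opens it) OR by reaching the admin computer, which in
# turn needs remote access OR the office key.
phishing = Node("Phishing succeeds", "AND", [
    Node("Phishing email is sent"),
    Node("User opens the phishing email"),
])
admin_pc = Node("Get access to admin computer", "OR", [
    Node("Remote access is available"),
    Node("Attacker obtains office key"),
])
ROOT = Node("Get database access", "OR", [phishing, admin_pc])


def controls_sufficient(blocked: Set[str]) -> bool:
    """With the given leaves mitigated, is the root goal unreachable?"""
    return not reachable(ROOT, blocked)


if __name__ == "__main__":
    for path in attack_paths(ROOT):
        print("attack path:", sorted(path))
    # Awareness training alone leaves the admin-computer branch open.
    print(controls_sufficient({"User opens the phishing email"}))              # False
    print(controls_sufficient({"User opens the phishing email",
                               "Remote access is available",
                               "Attacker obtains office key"}))               # True
```

The point a practitioner should take from running it: an OR node means every branch must be closed, while an AND node means breaking any one precondition is enough, which is why the single control on the phishing branch is sufficient there but the admin-computer branch needs both of its OR children closed.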
Computer Security Strategy

A comprehensive security strategy encompasses three key aspects:

1. Security Policy: what the security scheme aims to achieve.
2. Implementation/mechanism: how the security measures are implemented.
3. Correctness/Assurance: whether the security measures are effective in practice.

1. Security Policy
A set of rules, guidelines and procedures implemented by an organization to ensure the
confidentiality, integrity and availability of its information assets.
Goals of a Security Policy
1. Protecting sensitive data from unauthorized access.
2. Safeguarding computer systems and networks from cyber threats and attacks.
3. Ensuring compliance with relevant laws, regulations and industry standards.
4. Promoting user awareness and accountability for security practices.
5. Mitigating risks associated with data breaches, data loss and system downtime.
6. Facilitating the secure and efficient operation of business processes and workflows.

2. Security Implementation
Security implementations, or mechanisms, are the practical measures and technologies used to
enforce security policies and protect assets from threats. Examples include encryption, access
control, intrusion detection, firewalls, antivirus software and backup systems. They prevent
unauthorized access, detect breaches, respond to attacks and facilitate recovery from security
incidents. Security implementation involves:
● Prevention: stop security attacks.
● Detection: various systems, such as intrusion detection systems, are used to detect
attacks.
● Response: once an attack is detected, the system should respond promptly to
mitigate its impact.
● Recovery: restoring the system to a secure and functional state following a
security incident. E.g. maintaining backups.
3. Assurance and Evaluation
Consumers of computer security services and mechanisms, such as system managers, vendors,
customers, and end users, seek assurance that these fulfil the security requirements and enforce the
policies.
Assurance refers to the level of confidence in the functionality of security measures to protect
systems and information. It addresses whether the system design and implementation meet their
respective requirements and specifications.
Evaluation, on the other hand, involves testing and examining computer products or systems
against specific criteria to assess their security.
Terms: Subject, Object and Access Rights

Subject: A subject is a user, application, device or a process run by a user that is trying to access
resources. A subject should have a level of clearance (permissions) that relates to its ability to
successfully access services or resources.
Owner: the creator of a resource.
Group: a group of users; membership in the group is sufficient for certain access rights.
World: users who are not included in the categories of owner and group may be able to
access the resource with limited permissions.

Object: Objects are the "what" in access control. They represent the resources being used, such as
files, databases, applications or even network devices.
An object is anything that a subject attempts to access. It could be a device, process, person, user,
program, a server or even a client. An object is passive in the sense that it takes no action
until called upon by the subject.

Access right:
An access right describes the way in which a subject may access an object. The three basic access rights are:
READ
WRITE
EXECUTE
More generally the rights include: Read (incl. copy or print); Write (incl. read access; add, modify or delete);
Execute; Delete; Create; Search (list the files in a directory or search the directory).
Types of Access Control
1. Discretionary Access Control

Discretionary access control (DAC) is a type of security access control that grants or restricts
object access via an access policy, also known as an ACL, determined by the owner, group or
subjects. DAC controls are defined by user identification with credentials supplied during
authentication, such as a username and password. DACs are discretionary because the subject
(owner) can transfer access to other users. In other words, the owner determines object access
privileges.
In DAC, each system object (file or data object) has an owner, and each initial object owner
is the subject that caused its creation. Thus, an object's access policy is determined by its
owner.
User  | Data Access (File #1) | Data Creation Application
Ram   | Read/Write            | Execute
Shyam | Read                  | Execute
Hari  | None                  | None
An access control matrix is a table that defines access permissions between specific subjects and
objects. The matrix is a data structure that acts as a table lookup for the operating system. For example,
the table above is a matrix with specific access permissions defined per user, detailing what actions
each can perform. User Ram has read/write access to the data file as well as access to the data creation
application. User Shyam can read the data file and also has access to the application. User Hari has no
access within this data access matrix.
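As an added example (not code from the original notes), the access matrix above implemented as the lookup a reference monitor consults on every access. It also shows the design principles listed earlier in practice: fail-safe default (a subject/object pair with no entry is denied), complete mediation (every operation goes through one check), least privilege (rights are held per object), and the discretionary part of DAC (only an object's owner may grant or revoke rights on it). The class, the "admin" account assumed to have created the two objects, and the object names are constructed for the example.

```python
# Added example (not from the original notes): the Ram/Shyam/Hari access
# control matrix as a reference-monitor lookup with default deny.
from typing import Dict, Set, Tuple

Rights = Set[str]  # subset of {"read", "write", "execute"}


class AccessMatrix:
    def __init__(self) -> None:
        self._owner: Dict[str, str] = {}                   # object -> owner
        self._matrix: Dict[Tuple[str, str], Rights] = {}   # (subject, object) -> rights

    def create(self, subject: str, obj: str) -> None:
        """The creator of an object becomes its owner, with full rights."""
        self._owner[obj] = subject
        self._matrix[(subject, obj)] = {"read", "write", "execute"}

    def grant(self, granter: str, subject: str, obj: str, rights: Rights) -> None:
        """Discretionary transfer: only the owner may hand out rights on its object."""
        if self._owner.get(obj) != granter:
            raise PermissionError(f"{granter} does not own {obj}")
        self._matrix.setdefault((subject, obj), set()).update(rights)

    def revoke(self, revoker: str, subject: str, obj: str) -> None:
        if self._owner.get(obj) != revoker:
            raise PermissionError(f"{revoker} does not own {obj}")
        self._matrix.pop((subject, obj), None)

    def check(self, subject: str, obj: str, op: str) -> bool:
        """Complete mediation with fail-safe default: no entry means no rights."""
        return op in self._matrix.get((subject, obj), set())


def can_grant(m: AccessMatrix, granter: str, subject: str, obj: str, rights: Rights) -> bool:
    """True if the grant was accepted, False if the monitor refused it."""
    try:
        m.grant(granter, subject, obj, rights)
        return True
    except PermissionError:
        return False


def build_example() -> AccessMatrix:
    """Rebuilds the table above. Assumes (constructed) that an 'admin' account
    created File #1 and the data-creation application."""
    m = AccessMatrix()
    m.create("admin", "File #1")
    m.create("admin", "DataCreationApp")
    m.grant("admin", "Ram", "File #1", {"read", "write"})
    m.grant("admin", "Ram", "DataCreationApp", {"execute"})
    m.grant("admin", "Shyam", "File #1", {"read"})
    m.grant("admin", "Shyam", "DataCreationApp", {"execute"})
    # Hari gets no entries at all; with default deny nothing more is needed.
    return m


if __name__ == "__main__":
    m = build_example()
    for user, obj, op in [("Ram", "File #1", "write"), ("Shyam", "File #1", "write"),
                          ("Hari", "File #1", "read"), ("Shyam", "DataCreationApp", "execute")]:
        print(f"{user:6} {op:8} {obj}: {'allow' if m.check(user, obj, op) else 'deny'}")
    # Shyam holds read on File #1 but is not its owner, so he cannot pass it on.
    print(can_grant(m, "Shyam", "Hari", "File #1", {"read"}))   # False
```

Note that "None" in the table is not stored as a special value: the absence of an entry is the deny, which is exactly what fail-safe defaults ask for.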

Features of DAC

● A user may transfer object ownership to another user(s).
● A user may determine the access type of other users.
● After several attempts, authorization failures restrict user access.
● Unauthorized users are blind to object characteristics, such as file size, file name and
directory path.
● Object access is determined during access control list (ACL) authorization and is based on
user identification and/or group membership.
Benefits of DAC
A discretionary access control system is a system in which a user with access to a certain level of data can
give access to the same level of data to someone else based on their own judgement and choice.
1. User Friendly: Managing data and permissions is easier with DAC. The user interface is very
easy to operate, so there is no need to go through the pain of planning it all out at once.
2. Flexible: While working, a need to share data with co-workers often comes up. A DAC system
allows any user with access to certain information to grant access to others as well, which makes
the working process smooth.
3. Less Headache for Administration: DAC does not require regular maintenance and does not take
much time. Sharing data is much easier, as the administration does not need to intervene
whenever a piece of information needs to be shared with a user.
Disadvantages:
● Less Secure System: As access can be given from one person to another,
data is not very well secured under DAC. It is also not very feasible for the administration to
review the ACL now and then, which may lead to leakage of information to someone outside the
organization.
● Hard to keep track of data: As the DAC system is not centralized, the only way the administration
can monitor data flow is by going through the ACLs. This is only convenient in the case of a small
organization with few employees.
2. Role-Based Access Control (RBAC)

Role-based access control (RBAC) is a method of managing user access to systems, networks, or
resources based on their role within a team or a larger organization. Rather than assigning
permissions directly to individual users, RBAC assigns permissions to roles, and roles are then assigned to
users or groups according to their responsibilities.
For example, in an IT company there may be multiple roles such as network administrator, database
administrator, system analyst and programmer. RBAC assigns these roles to users. Each role is associated with a list
of permissions or access rights. E.g. the database administrator role may have all database-related
authority.
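The indirection that defines RBAC (user -> role -> permissions) is short enough to show in full. The following is an added example, not code from the notes; the role names follow the IT-company example above, while the permission strings, user names and the RBAC class are constructed for the illustration.

```python
# Added example (not from the original notes): a minimal RBAC model where
# permissions attach to roles and roles attach to users.
from typing import Dict, Set

Permission = str  # e.g. "db:read", "network:configure"


class RBAC:
    def __init__(self) -> None:
        self.role_perms: Dict[str, Set[Permission]] = {}   # role -> permissions
        self.user_roles: Dict[str, Set[str]] = {}          # user -> roles

    def define_role(self, role: str, perms: Set[Permission]) -> None:
        """Create or redefine a role; every holder sees the change at once."""
        self.role_perms[role] = set(perms)

    def assign_role(self, user: str, role: str) -> None:
        if role not in self.role_perms:
            raise KeyError(f"unknown role: {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke_role(self, user: str, role: str) -> None:
        self.user_roles.get(user, set()).discard(role)

    def permissions(self, user: str) -> Set[Permission]:
        """Effective permissions: the union over all of the user's roles."""
        roles = self.user_roles.get(user, set())
        return set().union(*(self.role_perms[r] for r in roles))

    def check(self, user: str, perm: Permission) -> bool:
        """Deny by default: a user with no roles has no permissions."""
        return perm in self.permissions(user)


def build_company() -> RBAC:
    """Constructed roles and users for the IT-company example."""
    rb = RBAC()
    rb.define_role("database_administrator", {"db:read", "db:write", "db:backup"})
    rb.define_role("network_administrator", {"network:login", "network:configure"})
    rb.define_role("programmer", {"code:commit", "db:read"})
    rb.define_role("system_analyst", {"db:read", "reports:view"})
    rb.assign_role("Sita", "database_administrator")
    rb.assign_role("Maya", "network_administrator")
    rb.assign_role("Gopal", "programmer")
    return rb


def change_job(rb: RBAC, user: str, old_role: str, new_role: str) -> Set[Permission]:
    """User management when someone moves teams: one revoke, one assign,
    no per-permission edits. Returns the user's new effective permissions."""
    rb.revoke_role(user, old_role)
    rb.assign_role(user, new_role)
    return rb.permissions(user)


if __name__ == "__main__":
    rb = build_company()
    print(rb.check("Sita", "db:backup"), rb.check("Gopal", "db:write"))   # True False
    # Adding a permission to the role reaches every DBA without touching users.
    rb.define_role("database_administrator", rb.role_perms["database_administrator"] | {"db:restore"})
    print(rb.check("Sita", "db:restore"))                                  # True
    print(sorted(change_job(rb, "Gopal", "programmer", "system_analyst")))  # ['db:read', 'reports:view']
```

This is what "simplified management" in the benefits list means concretely: a permission change is one edit to the role, and a job change is one revoke plus one assign, rather than editing rows for each user and resource as in the DAC matrix.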

Benefits of RBAC

1. Simplified management: RBAC makes administrative tasks easier, such as assigning,
modifying and revoking users' access rights. Once access is granted to a particular role,
the users associated with that role automatically receive it.
2. Least privilege principle: Only the privileges required and necessary to complete the job function are assigned to the
user or role. This minimizes the risk of unauthorized access.
3. Enhanced security: Access rights are assigned based on defined roles. This reduces
excessive permissions and access to sensitive resources that users do not need.
4. Improved compliance: Organizations comply more effectively with regulatory requirements for
confidentiality, integrity, availability, and privacy. It also helps administrators easily
demonstrate and audit access rights during regulatory audits.
5. Scalability and flexibility: New roles can be defined and existing roles can be modified or
reassigned as needed.
6. Increased productivity: RBAC enhances productivity by providing users with efficient
access to the resources necessary for their roles.
3. Attribute-Based Access Control (ABAC)

ABAC is an access control method in which a subject's requests to perform operations on objects are granted or
denied based on the assigned attributes of the subject, the assigned attributes of the object, environment
conditions, and a set of policies that are specified in terms of those attributes and conditions.
Unlike traditional models, ABAC can adapt to complex, distributed environments, making it ideal for
applications requiring high customization and contextual sensitivity in access decisions. It covers
scenarios where user roles are insufficient to capture the full range of access needs, offering a smart and
robust solution.
There are four types of attributes that the ABAC model uses to craft access policies. An ABAC policy
can use one or all of them together, depending on the context and the policy requirements:

1. Subject Attributes: These encompass user-related characteristics, including roles,
departments, and security clearances. They form the backbone of the user identity within
the ABAC framework, providing a detailed profile that guides access decisions.
2. Resource Attributes: These relate to the assets or objects (files, applications, APIs)
being accessed. Attributes like file type, sensitivity level, and ownership are crucial in
defining the nature of the resource in the access control equation.
3. Action Attributes: These define the nature of a user's interaction with a resource.
Actions usually describe the type of operation performed (such as read, write, edit, or delete)
and can be paired with action attributes, such as "frequency" (for example, a limit on
how many times an action can be performed).
4. Environmental Attributes: These capture the broader context of the access request,
including time, location, and the device used. This dimension adds a dynamic aspect to
ABAC, allowing policies to adapt to changing contexts.

The ABAC framework integrates these components to create a rich, multi-dimensional approach
to access control, enabling precise and adaptable policies for varying scenarios.

The Benefits of ABAC

1. Granularity (fine detail in the data considered): ABAC enables highly precise policy-making by
considering a wide range of factors when making a decision.
2. Flexibility: Policies in ABAC can be dynamically adjusted to changing organizational
needs. Consider a multinational corporation that needs to adjust access rights based on
varying data protection laws in different countries.
3. Scalability: ABAC efficiently manages increasing volumes of users and resources. In a
rapidly growing tech company, for instance, as new employees join and new projects are
initiated, ABAC can seamlessly (without interruption) scale to accommodate these changes
without needing constant policy reconfiguration.
4. Enhanced Security and Compliance: ABAC's detailed access control significantly
improves security. In a financial institution, ABAC can restrict access to sensitive
financial records based on a combination of user role, location, and transaction context,
thereby reducing the risk of data breaches and ensuring compliance with financial
regulations.
5. Reduced Administrative Overhead: ABAC minimizes manual intervention by automating
access decisions based on attributes. In a university setting, for instance, access to
academic records can be automatically adjusted based on a student's enrollment status,
course registration, and academic role, thus reducing the administrative burden on IT
staff.
Example
Scenario: A hospital wants to ensure that patient records are accessible only to authorized personnel
under specific conditions.
ABAC Implementation:

● Attributes: user role (doctor, nurse, administrative staff), department, patient assignment, data
classification (sensitive, non-sensitive), time of access, and location.
● Policy Example: A doctor can access sensitive patient records only if they are currently assigned
to the patient, the access request is made within the hospital premises, and during their shift hours.
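The hospital policy above, written as an added example (not code from the notes) in which each policy rule is a function over the four attribute groups and the decision is PERMIT only if some rule permits, otherwise DENY. The first rule is the one the notes state; the second (clinical staff may read non-sensitive records of their own department during their shift) is an assumed extra rule added to show how attributes other than patient assignment come into play. Attribute names, the doctor, patients and times are all constructed.

```python
# Added example (not from the original notes): ABAC policy evaluation for the
# hospital scenario, deny by default.
from dataclasses import dataclass
from datetime import time
from typing import Callable, Dict, List


@dataclass
class Request:
    subject: dict       # who: role, department, assigned_patients, shift
    resource: dict      # what: patient_id, department, classification
    action: str         # read, write, ...
    environment: dict   # context: location, time


Rule = Callable[[Request], bool]


def doctor_assigned_patient(r: Request) -> bool:
    """The notes' rule: a doctor may read a patient's records only if assigned
    to that patient, on hospital premises, and within shift hours."""
    s, res, env = r.subject, r.resource, r.environment
    if s["role"] != "doctor" or r.action != "read":
        return False
    if res["patient_id"] not in s["assigned_patients"]:
        return False
    if env["location"] != "hospital_premises":
        return False
    start, end = s["shift"]
    return start <= env["time"] < end


def same_department_non_sensitive(r: Request) -> bool:
    """Assumed extra rule (not in the notes): doctors and nurses may read
    non-sensitive records of their own department's patients during their shift."""
    s, res, env = r.subject, r.resource, r.environment
    if s["role"] not in ("doctor", "nurse") or r.action != "read":
        return False
    if res["classification"] != "non-sensitive" or res["department"] != s["department"]:
        return False
    start, end = s["shift"]
    return env["location"] == "hospital_premises" and start <= env["time"] < end


POLICY: List[Rule] = [doctor_assigned_patient, same_department_non_sensitive]


def decide(r: Request, policy: List[Rule] = POLICY) -> str:
    """Deny by default: PERMIT only when at least one rule explicitly permits."""
    return "PERMIT" if any(rule(r) for rule in policy) else "DENY"


def example_decisions() -> Dict[str, str]:
    """Constructed scenarios: a cardiology doctor on an 08:00-16:00 shift,
    assigned to patient P-1 but not to P-2."""
    doctor = {"role": "doctor", "department": "cardiology",
              "assigned_patients": {"P-1"}, "shift": (time(8, 0), time(16, 0))}
    sensitive_p1 = {"patient_id": "P-1", "department": "cardiology", "classification": "sensitive"}
    sensitive_p2 = {"patient_id": "P-2", "department": "cardiology", "classification": "sensitive"}
    routine_p2 = {"patient_id": "P-2", "department": "cardiology", "classification": "non-sensitive"}
    on_site = {"location": "hospital_premises", "time": time(10, 30)}
    remote = {"location": "home", "time": time(10, 30)}
    after_hours = {"location": "hospital_premises", "time": time(18, 0)}
    return {
        "assigned, on site, on shift": decide(Request(doctor, sensitive_p1, "read", on_site)),
        "assigned, remote": decide(Request(doctor, sensitive_p1, "read", remote)),
        "assigned, after shift": decide(Request(doctor, sensitive_p1, "read", after_hours)),
        "not assigned, sensitive": decide(Request(doctor, sensitive_p2, "read", on_site)),
        "not assigned, non-sensitive, same dept": decide(Request(doctor, routine_p2, "read", on_site)),
        "write attempt": decide(Request(doctor, sensitive_p1, "write", on_site)),
    }


if __name__ == "__main__":
    for scenario, outcome in example_decisions().items():
        print(f"{outcome:6} {scenario}")
```

Compare this with the RBAC model: a role alone could not express "assigned to this patient" or "inside the premises during the shift", because those are resource and environment attributes rather than properties of the user.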

ABAC vs. RBAC

ABAC | RBAC
1. It provides access rights based on various attributes of the user, resource and environment. | 1. It provides access rights based on user roles.
2. Enhanced security for your assets. | 2. Limited security for your assets.
3. The security admin may need to spend a lot of time analyzing organizational roles and attributes while creating access policies. | 3. Creating roles is much simpler and faster than assigning attributes to users.
4. The cost of implementation is high. | 4. The cost of implementation for RBAC is relatively lower than for ABAC.
5. No need to modify existing access policies when a new user joins the team. | 5. The security admin may need to create a new role whenever a new user joins the team.
Identity Management
Identity management (ID management) is the organizational process for ensuring that individuals
have the appropriate access to technology resources.
This includes the identification, authentication and authorization of a person, or persons, to have
access to applications, systems or networks. This is done by associating user rights and
restrictions with established identities.
A digital identity is the key to access. Identities contain information and attributes that define a
role, specifically provide or deny access to a given resource, and inform others in the
organization who or what that identity belongs to, how to contact them if a person, and where
they fit in the overall enterprise hierarchy.

An Identity Management System (IMS) is a collection of processes and technologies used to manage
and secure user identities within an organization. It includes a wide range of functionalities such as
user provisioning, role-based access control, password management, and auditing, among others.
The primary goal of an IMS is to ensure that only authorized individuals have access to the
organization's resources, enhancing the security of sensitive data and systems.
An IMS is becoming an essential component of IT infrastructure. With an effective IMS, an
organization can control who accesses its data, when, and how. This not only helps to prevent
unauthorized access but also ensures compliance with various data protection regulations.

Components of an Identity Management System

1. Identification
Identification is the first component of an IMS. It involves the process of recognizing a user
within the system, forming digital identities with unique attributes.
It is important to note that identification does not by itself give access. It just recognizes a
user in the system.
2. Authentication
Authentication is the second component of the IMS. It involves verifying that the recognized
user is indeed who they claim to be. This is usually achieved through the use of passwords,
security questions, or biometric data. The authentication process is crucial as it helps to prevent
unauthorized access to the system.
3. Authorization
Once a user has been identified and authenticated in the system, the next step is authorization.
This involves deciding what resources the user can access and what actions they can perform.
Authorization is typically based on predefined roles and policies.
For example, a system administrator may have the authority to modify system configurations, unlike a
regular user. By defining clear roles and access rights, an organization can ensure that users only
access resources necessary for their roles, thereby minimizing the risk of data breaches.

4. User Management
User management involves the creation, modification, and deletion of user accounts. This
process should be carried out by a dedicated team to ensure consistency and security.
User management also includes managing user roles and access rights. This should be done in
line with the organization's policies and procedures.
For instance, when an employee leaves the organization, their access rights should be promptly
revoked to prevent unauthorized access.

5. Compliance Management
Identity management systems also help ensure that the organization complies
with various data protection laws and regulations. This might involve implementing controls to
protect user data and prevent unauthorized access, such as encryption, access control and auditing.
User Registration Process
The first step in any IMS is the user registration process. This process involves the collection of
user information, which is then stored securely. This information is usually collected via a
registration form, and the user is then provided with credentials (such as a username and
password) that they will use to access the system.
User Authentication Process
After registration, the next step is user authentication. This process verifies the identity of the
user each time they attempt to access the system. The most common method of authentication is
through the use of credentials provided during registration. However, other methods such as
biometrics, tokens, or two-factor authentication may also be used to enhance security.
Access Control Process
Once a user’s identity has been verified through the authentication process, the system then
determines what resources the user is allowed to access. This is known as the access control
process.This process is crucial for maintaining security within the system and ensuring that users
only have access to appropriate resources.
User Management This process involves monitoring user activity within the system, managing
user access rights, and conducting regular audits to ensure that the system remains secure.
Audit Process Finally, every modern IMS includes an audit process. This process is key to
identifying potential security threats and ensuring that the system is functioning as intended.
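The registration, authentication, access control, user management and audit steps above, and the role-based example of the administrator versus the regular user from the earlier list, fit together in the following small identity manager. This is an added illustration, not code from the original notes: the IdentityManager class, the two roles, the operation names and the user records are assumptions made for the example.

```python
"""Minimal identity management lifecycle: register, authenticate, authorize, audit.

Added illustration, not code from the original notes. The class, the role
names, the operations and the user records are assumptions for the example.
"""
import hashlib
import hmac
import os
from datetime import datetime, timezone

# Role -> permitted operations (assumed roles and operations for the example)
ROLE_PERMISSIONS = {
    "admin": {"read_config", "modify_config", "read_report"},
    "user": {"read_report"},
}


class IdentityManager:
    def __init__(self):
        self.users = {}       # username -> {"salt", "hash", "role", "active"}
        self.audit_log = []   # append-only list of (timestamp, event, username, detail)

    def _log(self, event, username, detail=""):
        self.audit_log.append((datetime.now(timezone.utc).isoformat(), event, username, detail))

    @staticmethod
    def _hash(password, salt):
        # PBKDF2-HMAC-SHA256 with a per-user random salt; the plaintext is never stored.
        # Use the highest iteration count your login latency budget allows.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    # --- user registration: collect identity data, issue credentials ---
    def register(self, username, password, role):
        if username in self.users:
            raise ValueError("user already exists")
        if role not in ROLE_PERMISSIONS:
            raise ValueError("unknown role")
        salt = os.urandom(16)
        self.users[username] = {"salt": salt, "hash": self._hash(password, salt),
                                "role": role, "active": True}
        self._log("register", username, role)

    # --- user authentication: verify the credential on every access ---
    def authenticate(self, username, password):
        rec = self.users.get(username)
        if rec is None or not rec["active"]:
            self._log("auth_fail", username, "unknown or disabled")
            return False
        # constant-time comparison so a mismatch position is not leaked by timing
        ok = hmac.compare_digest(rec["hash"], self._hash(password, rec["salt"]))
        self._log("auth_ok" if ok else "auth_fail", username)
        return ok

    # --- access control: the role decides which operations are permitted ---
    def authorize(self, username, operation):
        rec = self.users.get(username)
        allowed = bool(rec and rec["active"] and operation in ROLE_PERMISSIONS[rec["role"]])
        self._log("access_allow" if allowed else "access_deny", username, operation)
        return allowed

    # --- user management: leaver offboarding revokes access immediately ---
    def deprovision(self, username):
        self.users[username]["active"] = False
        self._log("deprovision", username)

    # --- audit: the events a reviewer looks at first ---
    def failed_logins(self):
        return [e for e in self.audit_log if e[1] == "auth_fail"]


def demo():
    ims = IdentityManager()
    ims.register("alice", "correct horse battery staple", "admin")
    ims.register("bob", "hunter2", "user")
    results = {
        "alice_login": ims.authenticate("alice", "correct horse battery staple"),
        "bob_wrong_pw": ims.authenticate("bob", "wrong"),
        "bob_modify_config": ims.authorize("bob", "modify_config"),
        "alice_modify_config": ims.authorize("alice", "modify_config"),
    }
    ims.deprovision("bob")                       # bob leaves the organization
    results["bob_after_leaving"] = ims.authenticate("bob", "hunter2")
    results["failed_logins"] = len(ims.failed_logins())
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Note that deprovisioning disables the account rather than deleting it: the audit trail for "bob" must survive the account, and a later login attempt with the old password is itself an event worth logging.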

Credentials Management
Credential management is a security practice that combines strategies, policies, and technologies
to protect login credentials. Organizations use credentials to identify and authenticate users who
need access to system resources. Credentials include passwords, certificates, tokens, and keys.
A credential management system provides a central location for storing users' account credentials
and access privileges, and makes it easier for IT teams to manage the credential lifecycle
(issuance, rotation, and revocation).
Credentials are the digital equivalent of physical keys: a valid set of credentials unlocks a
company's system resources and gives access to sensitive data, which is why stolen or reused
credentials are a common starting point for attacks.
Example of Credential Management
An organization can raise barriers against cyber attacks by combining modern credential management
tools with proven security policies and practices. Strong credential management practices include
● Multi-factor authentication (MFA)
● Non-password identity verification methods such as biometrics or hardware tokens (a CAPTCHA
  challenge only distinguishes humans from bots; it does not verify identity)
● Strict password policies
● Careful account provisioning
● Digital certificates
● Cryptographic keys

Access Management
Organizations use access management solutions to authenticate, authorize, and audit access to
applications and IT systems. Their goal is to verify an individual's identity correctly before
access to a sensitive area, system, or data is granted, and then to grant only the access that
identity is entitled to.
1. Resource management: define the access control rules for each resource, taking into account
   credentials, user attributes, resource attributes, and the environmental conditions (such as
   time, location, or network) under which access is requested.
2. Privilege management: maintain each individual's access profile. This profile, linked to a
   digital entity or user, determines access decisions for physical or logical resources.
3. Policy management: create policies for users or groups based on identity attributes, resource
   (object) attributes, and environmental conditions.
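The three items above describe attribute-based policy: a decision depends on who the subject is, what the resource is, and the conditions under which access is requested. The evaluator below is an added example, not code from the original notes. The attribute names (department, role, network, business_hours), the payroll policy and the request values are all invented for the illustration; the deny-overrides evaluation order is a design choice of this example.

```python
"""Attribute-based access decision over subject, resource and environment attributes.

Added example, not from the original notes. Attribute names, the policy rules
and the sample requests are assumptions invented for the illustration.
"""
from dataclasses import dataclass, field


@dataclass
class Rule:
    effect: str                                      # "allow" or "deny"
    subject: dict = field(default_factory=dict)      # required subject attributes
    resource: dict = field(default_factory=dict)     # required resource attributes
    environment: dict = field(default_factory=dict)  # required environmental conditions
    actions: set = field(default_factory=set)        # actions this rule covers


def _matches(required: dict, actual: dict) -> bool:
    """Every required attribute must be present with an equal value; a set as
    the required value means the actual value must be one of its members."""
    for key, want in required.items():
        have = actual.get(key)
        if isinstance(want, (set, frozenset)):
            if have not in want:
                return False
        elif have != want:
            return False
    return True


def decide(policy, action, subject, resource, environment) -> str:
    """Deny-overrides evaluation: a matching deny wins immediately, otherwise a
    matching allow grants, otherwise the default is deny."""
    decision = "deny"
    for rule in policy:
        if action not in rule.actions:
            continue
        if (_matches(rule.subject, subject) and _matches(rule.resource, resource)
                and _matches(rule.environment, environment)):
            if rule.effect == "deny":
                return "deny"
            decision = "allow"
    return decision


# Assumed policy: finance staff may read payroll from the corporate network during
# business hours; payroll admins may read and write from the corporate network;
# nobody may write payroll from an external network.
POLICY = [
    Rule("allow", subject={"department": "finance"}, resource={"type": "payroll"},
         environment={"network": "corporate", "business_hours": True}, actions={"read"}),
    Rule("allow", subject={"role": "payroll-admin"}, resource={"type": "payroll"},
         environment={"network": "corporate"}, actions={"read", "write"}),
    Rule("deny", resource={"type": "payroll"}, environment={"network": "external"},
         actions={"write"}),
]


def example_decisions():
    payroll = {"type": "payroll", "owner": "finance"}
    analyst = {"department": "finance", "role": "analyst"}
    admin = {"department": "finance", "role": "payroll-admin"}
    return {
        "analyst_in_hours": decide(POLICY, "read", analyst, payroll,
                                   {"network": "corporate", "business_hours": True}),
        "analyst_after_hours": decide(POLICY, "read", analyst, payroll,
                                      {"network": "corporate", "business_hours": False}),
        "admin_write_inside": decide(POLICY, "write", admin, payroll,
                                     {"network": "corporate", "business_hours": False}),
        "admin_write_external": decide(POLICY, "write", admin, payroll,
                                       {"network": "external", "business_hours": True}),
    }


if __name__ == "__main__":
    for request, outcome in example_decisions().items():
        print(f"{request}: {outcome}")
```

Default deny is the important property: a request that no rule covers is refused, so forgetting a rule fails closed rather than open.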

ICAM
Identity, credential, and access management (ICAM) is a set of security tools, policies, and systems that
helps organizations manage, monitor, and secure access to their information technology (IT)
infrastructure. ICAM represents the combination of digital identities, credentials, and access controls
into a single comprehensive approach. ICAM reduces the risk of cyber attacks to your organization by
preventing unauthorized access to your networks, systems, and data.

Benefits of ICAM

● Enhanced security: central management of user identities and access permissions reduces the
  risk of unauthorized access.

● Improved compliance: limiting access to authorized users and enforcing the organization's
  security standards makes regulatory requirements easier to meet and to demonstrate.

● Simplified operations: one place to manage users, secure access to information, and maintain
  access control policy.

● Audit: access to sensitive information is tracked, so it can be reviewed and managed more
  effectively.

● Scalability: users, roles, and attributes can be added easily, and access rights revoked when
  someone leaves the organization.

● Better user experience: single sign-on lets a user or process reach multiple resources with one
  authentication.
Bell-LaPadula Model

This model was devised by David Elliott Bell and Leonard J. LaPadula, hence its name. It is used to
enforce confidentiality. Subjects (users) and objects (files) are assigned security levels in a
non-discretionary (mandatory) fashion, organized in layers of secrecy.

● SIMPLE CONFIDENTIALITY RULE: a subject may read objects at its own layer of secrecy or a lower
  layer, but not a higher layer. This is the NO READ-UP rule.

● STAR (*) CONFIDENTIALITY RULE: a subject may write to objects at its own layer or a higher layer,
  but not a lower layer. This is the NO WRITE-DOWN rule; it stops a subject that has read secret
  data from copying it into a file that less cleared users can read. Note that it still permits
  "blind" writes upward, so a low-level subject can modify higher-level data: confidentiality is
  preserved, integrity is not.

● STRONG STAR CONFIDENTIALITY RULE: the strictest variant. A subject may read and write only
  objects at its own layer of secrecy, neither the layer above nor the layer below: NO READ OR
  WRITE UP OR DOWN.

Biba Integrity Model
This model was devised by Kenneth J. Biba, hence its name. It is used to enforce integrity.
Subjects (users) and objects (files) are assigned levels in a non-discretionary fashion, but here
the layers represent integrity (how trustworthy the data is), not secrecy. Its rules are the exact
reverse of the Bell-LaPadula rules.

It has mainly 3 rules:

● SIMPLE INTEGRITY RULE: a subject may read objects at its own integrity layer or a higher layer,
  but not a lower layer. This is the NO READ DOWN rule; it keeps trusted processing from being
  contaminated by less trustworthy data.

● STAR (*) INTEGRITY RULE: a subject may write to objects at its own integrity layer or a lower
  layer, but not a higher layer. This is the NO WRITE-UP rule; it keeps a less trustworthy subject
  from corrupting more trusted data.

● STRONG STAR INTEGRITY RULE: a subject may read and write only objects at its own integrity
  layer, the integrity counterpart of the Bell-LaPadula strong star rule.
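The Bell-LaPadula rules above and the Biba rules that mirror them reduce to comparisons on a lattice of levels. The following added example, not code from the original notes, implements both sets of checks over one linear ordering so the reversal is visible side by side; the level names are assumed for the illustration, and the same ordering is read as secrecy levels by the Bell-LaPadula check and as integrity levels by the Biba check.

```python
"""Bell-LaPadula (confidentiality) and Biba (integrity) access checks on a
linear lattice of levels.

Added illustration, not from the original notes. The level names are an
assumption; any totally ordered set of labels would do.
"""

# Assumed ordering, lowest to highest. Bell-LaPadula reads these as secrecy
# levels; Biba reads them as integrity levels.
LEVELS = ["unclassified", "confidential", "secret", "top_secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}


def blp_allowed(subject_level, object_level, op, strong_star=False):
    """Bell-LaPadula: simple rule (no read up), star rule (no write down),
    or the strong star rule (read and write only at the subject's own level)."""
    s, o = RANK[subject_level], RANK[object_level]
    if strong_star:
        return s == o
    if op == "read":
        return o <= s          # no read up
    if op == "write":
        return o >= s          # no write down (writing up is allowed, blindly)
    raise ValueError(f"unknown operation {op!r}")


def biba_allowed(subject_level, object_level, op, strong_star=False):
    """Biba: simple integrity rule (no read down), star integrity rule
    (no write up), or the strong star integrity rule (same level only)."""
    s, o = RANK[subject_level], RANK[object_level]
    if strong_star:
        return s == o
    if op == "read":
        return o >= s          # no read down
    if op == "write":
        return o <= s          # no write up
    raise ValueError(f"unknown operation {op!r}")


def access_matrix(check):
    """Every (subject level, object level, op) decision for one model."""
    return {(s, o, op): check(s, o, op)
            for s in LEVELS for o in LEVELS for op in ("read", "write")}


def both_allowed(subject_level, object_level, op):
    """A system enforcing both models at once (same labels for secrecy and
    integrity) permits only same-level access, which the matrix makes obvious."""
    return blp_allowed(subject_level, object_level, op) and \
        biba_allowed(subject_level, object_level, op)


if __name__ == "__main__":
    for name, check in (("Bell-LaPadula", blp_allowed), ("Biba", biba_allowed)):
        print(name)
        for (s, o, op), ok in access_matrix(check).items():
            print(f"  {s:13} {op:5} {o:13} -> {'allow' if ok else 'deny'}")
```

Printing the two matrices shows the reversal directly: every cell that Bell-LaPadula allows for a different level, Biba denies, and vice versa. Real systems use separate secrecy and integrity labels rather than one shared ordering; the shared ordering here is only to make the comparison readable.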

Trust Frameworks
Internet companies, network service providers, and large organizations are increasingly focused on
the interconnected ideas of trust, identity, and attributes.
A trust framework provides a solution for data exchange between organizations and individuals,
enabling secure and efficient data sharing, processing, and use.

The need-to-know principle, which asks what information you need to know about someone in order to
engage with them, is typically applied by the parties to a transaction for efficiency, privacy, and
legal simplicity.

Reasons for a Trust Framework

● Standardization of identity, authentication, and access control processes and technologies
  within a trust community
● Combining published standards into one profile, so adopters do not have to know all the
  underlying standards
Traditional identity exchange approach
The user establishes an agreement with an identity service provider to obtain digital identities
and credentials. These digital identities and credentials are then used to access services or
resources provided by other parties, and are trusted by both sides of the transaction.

There are direct legal agreements only among the identity service provider, the relying parties,
and the user.

The relying party needs assurance that the user has been authenticated, that the attributes
provided by the identity service provider are accurate, and that the provider is authoritative for
those attributes. For example, a digital signature certificate is issued by a licensed Certifying
Authority (CA), not by some other body.
The user also seeks assurance that both parties will handle sensitive information properly and
maintain the privacy of the data.

Open Identity Trust Framework

To enable large-scale networks of trust, an Open Identity Trust Framework (OITF) is defined as a
set of technical, operational, and legal requirements and enforcement mechanisms for parties
exchanging identity information.
An OITF adds requirements and mechanisms to support the flow of information among users, identity
service providers, and relying parties. The roles and relationships involved are as follows:
Policymakers decide the technical, operational, and legal requirements for exchanges of identity
information within the group.
1. Technical requirements might include, for example, product version levels, system
   configuration, settings, and protocols.
2. Operational requirements may address, for example, asset management, access control, and
   disaster management.
3. Legal requirements focus on fair information practices.
Assessors evaluate identity service providers and relying parties and certify that they are capable
of following the OITF provider's blueprint.
