CCT 036: Understanding the Fundamental Concepts of Security Models (Domain 3.2)
May 15, 2023
CCT 036 - RCR 133 - Understand the fundamental concepts of security models (D3.2)
[00:00:00] Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Shon Gerber and I'm your host for this action packed informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge.
Alright, let's get started.
Hey, hello. This is Shon Gerber with the CISSP Cyber Training Podcast. Hope you all are doing wonderful today, and today is a beautiful Monday here in the United States and it's just, it's awesome. It's awesome. We're now getting into spring and so those are wonderful things that we're starting to see outside, and it's green finally.
Here in Kansas, it doesn't get a lot of rain, so it does have a bit of a challenge sometimes when the green grass does not want to be so green, it ends up being more brown. But it has been an awesome, just awesome [00:01:00] couple of weeks and we're pretty excited about that.
I would say, we're gonna be talking about today the CISSP in some different topics that may be a little bit hard for some people, and I don't mean in the fact that it's too hard to understand. It's hard to hang on because we're gonna be getting into security models now. I don't know if you all have seen any news lately on what's been going on, but it's pretty amazing how quick and how pervasive this whole AI model has started to move forward.
And I would tell you that from a cybersecurity standpoint, you all have chosen wisely. If you're looking to get into cybersecurity and you're taking your CISSP, the market is going to do nothing but increase in its capability for you and your family.
And I think it's really important that you take this time now especially if you're just starting to study for it and get into this fully just because I'm getting at least one to two calls a day about AI and people asking questions about it, so that [00:02:00] if you were looking for a specific field to maybe tailor in or to specialize in, that would be one obviously that a lot of people will focus on, and there's probably a lot of opportunity for you to expand.
Highly recommend you get your CISSP done as soon as you can, because it's just going to get better. All right, so we're gonna be getting into the various subdomains of the CISSP. Obviously, you all are connected with security risk management, which is your domain one, asset security is domain two, security architecture and engineering is domain three.
And now we're gonna talk about that one today. So we've talked about the first two. We're gonna roll into architecture and engineering. Now this is an area that can get quite complicated. Not from a difficulty standpoint, it's just there's lots of moving parts to it, and so you just kinda have to break it down one little piece at a time.
And like, you've probably heard this before, how do you eat an elephant? And they say one bite at a time. Now my daughter is from Uganda and they have elephants [00:03:00] that roll through their neighborhoods and destroy all our crops. I asked her that once. I said, how do you eat an elephant?
And she said, we don't eat elephants. That was, again, you gotta understand the context of who you say that to because not everybody eats elephants, but the ultimate point is just that it's so big and complex that you need to just break it down by individual pieces. So today we're gonna talk about the various security models and the security frameworks because not all of them are a model.
So what you're gonna come to, you can go ahead on over to CISSP Cyber Training and it'll be available once I get this podcast put out there, and you'll be able to listen to it. I'll also have this podcast available on CISSP Cyber Training as well. So you'll see that out there. And there's also some of those trainings that'll be available to you, about this specific topic specifically.
So today we're gonna talk about Bell-La... I can never say this... Padula. [00:04:00] I think, yeah, I just totally butchered that. But anyway, we're gonna talk about Bell-LaPadula and then we're gonna talk about the Biba model. We'll talk about Clark Wilson, Brewer's CAP theorem, which I mentioned before. I said not all of these are models.
Some of them are actually a theory or more or less a framework. And then we'll talk about the Take-Grant model. And I had one of the folks that was part of our community at CISSP Cyber Training making a comment; he said, I don't understand all of these models. What are they?
And do I have to ever know these models? Now I've been a, and one of the pieces he said is that I've worked with my security architects, and I've never heard them say this before. And as a security architect in the past, I've never mentioned the names per se, but you will use the methods in how you utilize these various security models.
And they're also very helpful when you're talking to independent people, or I should say, there's not like independent people on the street [00:05:00] going, Hey, can I help you about this model? This model's pretty awesome. Yeah, you'll get hit with something, but no, when you're talking to your senior leaders at your organization or individuals that are trying to get things done and you are trying to implement these various security controls, these are really good ways that you can talk to them about how they can utilize this model within their organization.
So let's first start off with the Bell-LaPadula model, which I butchered terribly, and I'm sure somebody can probably help correct me on that. That would be awesome because I just did a terrible job with it. Now this model, it's the first one that usually comes out and people talk about it a lot because it's tied to the top secret, confidential type of mantra, but it focuses on this confidentiality, specifically preventing unauthorized access to the information.
Now, as an example, they'll have various levels that will include secret, [00:06:00] top secret, confidential, unclassified. They use those types of models, or I should say terminology.
And the purpose behind that is that, in the model, the information that is in that area is not allowed to leak to lower security levels. So what does that mean? What do I mean by that? It's when you are utilizing some data that is in the secret bucket. So you're told, I need to go and utilize some information that is in the secret bucket.
So if you're gonna go log in, and we do this in the military, there's various computer systems that are set up to allow you access into these secret systems. You log in, you gain access to these systems. You cannot take data out of the secret system and put it in the top secret system and vice versa. If you want to go to the top secret system, you can't take it out and put it into the secret system.
They are very specific [00:07:00] buckets and they avoid from being downgraded or leaked by anything because of the fact that you have very specific areas that you can go. Now, this model was developed back in the 1970s by a gentleman named David Bell and Leonard. And these were both part of the United States Department of Defense, and obviously when you start dealing with the term secret, top secret the Department of Defense kind of gets rolled into that.
They define the security levels for the data and the users, and then basically which level is assigned to that specific label. Like I mentioned before, if it's secret, that's where that label is, and that's where those users are allowed to gain access to it; where it's top secret, they're not allowed to gain access to it in a certain area, so they're very limited on what they can do.
And these labels indicate the level of sensitivity of the data and the level of clearance of the user. So like in the case of, we have individuals in the military, they have come in with a secret clearance and, [00:08:00] having a secret clearance, they're limited to secret information only. And if you get on the secret side, in most cases, if you have a secret clearance, you can gain access to pretty much everything that is secret.
They don't really hold you back too much on that. You get into the top secret area, then you have very limited access to specific top secret items, and there's what they call caveats that go into there where you are limited to, let's just say, top secret program A, but if you have program A, you can't get into program B.
And then if you can't get into program B, but you can get into program Z, zed for our friends in the UK, then you have access to that. So it's very limited on what you can and cannot do. Now that requires somebody to basically be the person that is managing that access. And I'm gonna focus a little bit stronger on this one, just because one, it's a little bit more near and dear to my heart, but also the fact that it's utilized quite substantially for our folks that are in the various branches of the military or the US government [00:09:00] or various governments.
And I say the US government, and obviously the CISSP is focused around a lot of the US side as it relates to questions. However, it doesn't matter which company or country you work for; whatever country you're at has a version of this. Whether you're Chinese, Filipino, Australian, it doesn't matter.
Each country has a version similar to this whole model. Now it has basically two key rules. It's known as no read up and no write down. So like I mentioned before, you're in the bucket. You stay in the bucket. Now, these systems, when they deal with no read up and no write down, you'll see those terms when you're taking the test and they'll ask that specific question and you'll need to know what does that no read up, no write down mean, because they may ask you a question, not saying the model.
They may say, what is the model that allows you for no read up and no write down? Now these rules will state that the user with the security level can only [00:10:00] read the data that is the same level or lower. Now they will let you go lower. So yeah, if you have a secret clearance and you want to get access to unclassified data, you can get access to unclassified data.
But if you have secret, you cannot read higher, but you can't move data out. And that's the other aspects. Now, when it comes to moving data out, there is a process by which you can, so if something was top secret and was declassified to a lower level or completely taken out of the classification schema, there is a process by which this can be done.
But that has to be done with very specific methods and very specific people that will do that. Now it was designed to enforce confidentiality by preventing unauthorized access to this sensitive data. And that's a big factor in all of this, is that it's around the confidentiality of this.
Now, it differs from the other security models, such as the Biba, which we're gonna roll into here in a minute, in that it focuses on confidentiality rather than integrity. And that's a big difference around [00:11:00] this. The Biba is designed around integrity by preventing unauthorized modifications to the data.
So that's what you're gonna have to understand for the CISSP exam: understand the name, but more than understanding the name is understanding, what does it do? But when you go and you get out in the real world, and after the CISSP exam is complete and you pass the CISSP exam, then people aren't gonna reference the Bell model.
They're gonna reference, okay, I want to put this in a situation where I don't wanna allow anybody to read up. They can read down, but they can't read up. I don't want anybody to be able to pull data out, only be able to keep that data within its specific bucket, and then that will cue you to go, okay, this is the Bell model security model.
So bottom line with the Bell model is that it's used to enforce confidentiality by assigning security levels to data and to users, and then it basically reinforces the no read up and the no write down rules. Okay. So this does [00:12:00] differ from many of the other ones, but that's the main purpose around it.
So now we're gonna roll into the Biba model or Biba model. I'm not sure how someone says that. See, the guys have these, they don't have like cool names, like the Smith model. See, that'd be a whole lot easier. There's like the Clark Wilson one. That's easy. I can understand that. But the Biba, so I'm probably just totally offending Mr. Biba as I'm saying this, but Mr. Kenneth Biba is his name, and he may or may not be here still. I don't know.
This was developed back in the 1970s and its purpose was to be an alternative to the Bell-LaPadula model. And again, it's focused primarily on integrity and not on the confidentiality aspect, like the first one, the Bell model, is.
Now the main thing around this model is, Ben... Ken, okay. Or Ken, maybe I can call him Ken. I wonder if you don't mind if I call him Ken. It is preventing unauthorized access to data and ensuring the data is not modified or destroyed by unauthorized individuals or the processes that are involved, [00:13:00] and again it's designed around integrity, but it does deal with the entire CIA triad, but it is focused primarily around integrity, basically meaning that the information is accurate, reliable, and completely unaltered.
Okay, so when you're dealing with the concept of integrity, there are gonna be concepts, there are topics and terms that they talk about such as high and low, and you want to be able to ensure that you have access to this information, but you want to make sure that it's not modified or accessed by individuals with lower integrity levels.
So the bottom line is that you don't want to have it that people that don't have access to it can go and read and write to it. That's the big factor around the integrity piece of it. Because if they don't have that access, then that can obviously cause some challenges. Now as what Ted mentioned before, obviously integrity is a big focus of what the Biba model is around.
However, it does cover all of them, right, from the CIA triad, like I mentioned [00:14:00] earlier. And when you're dealing with the integrity aspects of it, obviously it's keeping it from unauthorized people having access to the data. But the confidentiality principle of this focuses on protecting sensitive information from unauthorized access.
And this can be done through various ways: one, through access controls, encryption, and then other security mechanisms that may be in place. Now, I dunno if you all saw in the news recently that the hardware encryption keys for Intel were compromised and they're trying to determine how that's going to cause challenges that will roll and cascade down into future encryption aspects, and we talk about that in the CISSP training around what are some aspects for the encryption piece that you need to understand.
One of those is the TPM model, the trusted platform module that is out there, and the keys that are hardwired into these various chips that you'll see on your computers.
That's part of that overall process. [00:15:00] Now, it's not all systems this way, but when you start having hardware keys and you start causing challenges with getting those hacked, like this is what happened to Intel, that can cause problems. What does that do? That will cause an issue in the fact that you can't confirm the confidentiality of the documents or of the data that's going through that system.
So I, I just bring that up in the fact that when you are putting various measures and security controls in place, we have to always keep in mind as security practitioners that things can change to the point where it could mitigate some of the security controls you already have in place making all of your efforts moot.
So that's a problem. The other thing around availability as it relates to the Biba model that you want to keep in mind is the fact that you can enforce the availability through various other aspects, through redundancy, through backups, disaster recovery planning and so forth. And that's a big factor.
And you might see questions as it relates to the Biba model and it bringing in the [00:16:00] CIA triad. So if the CIA triad is a factor in the question, where maybe it's give me a model that covers all aspects of the CIA triad, Biba would be one that you would pick over any other one. Also, if someone tried to do a stump-the-dummy question and said the LaPadula model was focused on all three of the CIA triad, you would know that is incorrect and wrong, because it does not.
It only focuses on the one. So again, the big differences around this is that the LaPadula model, it will focus on all three, whereas the LaPadula does not... Sorry, my correction. The LaPadula model focuses on confidentiality. The Biba model will focus on all three: your availability, confidentiality, and integrity.
The Biba model is also used in systems that require high levels of data integrity, which would be tied to financial, medical systems as well. So they're more used for those where [00:17:00] you have to maintain and ensure that the data is correct, whereas the LaPadula model will be focused primarily on military or governmental type systems.
Okay, so now we're gonna roll into the easier name that I won't butcher, the Clark Wilson model. Okay. So this is a little bit easier from a standpoint of trying to say it but it was developed by David Clark and David Wilson, the David twins back in 1980. Okay. So just remember if they ask a question about that, if there was a David and a Tom in the question, then it's not right.
It's the David Wilson and David Clark, the band, the boy band of the 1980s. Now they're, they weren't a boy band that I'm aware of, but you never know. Now, did they have boy bands back then? I don't. I don't think so. That was the nineties or two thousands, somewhere around there. Now, the Clark Wilson model is a security model that focuses on ensuring the integrity of the data and the validity of the operations performed on the data.
Okay? So it uses what they call transaction rules and separation of duties. Now I deal with SAP security for our [00:18:00] company. And we deal a lot with transaction rules and segregation of duties or separation of duties, or we'll commonly hear of it called SoD. So SoD is one of those things where you don't want one single person to have complete control over all aspects of a transaction.
This is very important, especially when you're dealing with, we call 'em EDI, which is your electronic data interchange type of communications where you're sending money to locations. You don't want to have people that have the ability to go, in my company, I want to be able to send a hundred thousand dollars to Company X, and Company X tends to be a shell company that this person just built.
So he went out, registered an LLC, set it up, went into the system, created himself an account, then in turn created a purchase order. And now your company is sending information to this fake LLC that's in the Cayman Islands. You don't want that, right? And that's why you want separation of duties.
And I've seen this happen. You see this a lot in security [00:19:00] where folks will do the social engineering piece of this. The CEO, and there's actually a really, I'll come back to this article in a minute, but the CEO sends an email to the finance person and the CEO says, Hey, I'm stuck in Aruba.
I need you to wire me $15,000 to get back because my credit card is expired. It's the Nigerian uncle thing. And what ends up happening is the finance person goes, sure, I'll do that. No problem. And they do that and they wire the money to Aruba and make sure that CEO person gets all their money, and come to find out that the CEO is not the CEO.
The CEO is Rita, sitting on a beach in Kazakhstan. Do they even have beaches? I think it might be all one beach. No, I don't know. Sitting on a beach in Kazakhstan, enjoying the money that you just wired that person. So that is where you want to have separation of duties, because if you don't, you can have people making mistakes that can cost you lots and lots of money.
There's actually [00:20:00] a recent article that just came out, I think it was in the Wall Street Journal or Washington Post, around how AI is causing the social engineering aspect to just go through the roof. And I believe it. I really feel bad because there's plenty of people, I've clicked on links accidentally and I'm supposed to be an expert and I'm not by any means.
We're there, we all make mistakes, so can you imagine? The grandma that's sitting in her drinking coffee, watching the birds out her window, all of a sudden going, oh, I got an email from Blankety-Blank. Oh, it tells me that if I click on this link, I'll make lots of money. But it came from Fred, who's my nephew, and I trust him completely.
And next thing you know she just gave away the farm. So those are, sorry to digress, but it's true. It's one of these things where AI is going to be a big factor, not just from a technology standpoint of what it can do, but how it can manipulate people in ways that we can't even imagine right now at this point.
So again, they have well-formed [00:21:00] transaction rules, and these must be considered and valid for use, for things to work. And it's designed to provide data integrity and transactional security in systems that have different levels of access to the data. So again, you don't want one single person to have complete control, and you wanna have those transactional logs in place to be able to validate and use it from an audit perspective.
Now it's based on two key concepts: separation of duties, like I said before, and a concept called the constrained data item. Now you might see notice of that, of what this is in the exam, and they go, there is blankety blank with a constrained data item. Now if you see that term, that would probably cue you to think, okay, this is the David Wilson model.
So you need to keep that in mind as well. So as you're studying for your CISSP exam and they throw out this goofy word that you've never seen before, that would potentially trigger you to the Clark Wilson model. Now don't just glob on that because you see the constrained data item, because [00:22:00] if it's in a word that says, this is not the model, you want to make sure that the one that doesn't have the constrained data item is the blank model.
You wanna look for the double negative aspect where they turn around and try to trick you on that. Not to digress, which I do tend to digress at times, but you wanna make sure that you read the question thoroughly, but those are little nuggets that can help you get through the test, especially on some of these models.
Now the separation of duties refers to the idea that different individuals should be responsible for different aspects of the transaction. And the ultimate goal is to prevent fraud and error. Again, you want to avoid that, so that's how you can potentially set that up. Now the way you can differentiate the Clark Wilson from the other security models is, while the LaPadula model focuses on confidentiality, the Wilson is designed to provide data integrity and transactional security.
So look for that specific piece of this. So if they... and I say the LaPadula model a lot because [00:23:00] that's one where people will glob onto as it relates to the secret, top secret aspect. So you need to make sure that one is dealing with confidentiality.
The other one deals with confidentiality, integrity, and availability. This one here will deal with integrity, but it also deals with transactional security. Then it also is focused on separation of duties, again to reduce the fraud and error. So that's the big factors. You wanna look for those key buckets, transactional and data integrity.
Now what I mentioned earlier about well-formed transactional rules and the separation of duties piece of this, we'll get into the transactional rules. What are those? Now, a transactional rule is a set of instructions that the data must follow to be considered valid. So if it doesn't meet that criterion, then it won't be valid.
And so these rules do ensure that the data is in the right format, meets the right specific criteria before any operations are done. This is done a lot with the EDI piece of this. You can't transfer data; it has to be in a specific format. In [00:24:00] some cases I've dealt with, it has to be in an XML type format.
In other cases it can be in a PDF. It just depends on the receiving end's capability, one, to receive it, and two, what kind of file are they anticipating to see. So if all of a sudden, say, a hacker gets into the EDI system, as they get into the EDI system, they are gonna try to send transactions to their bank.
Their bank is only gonna accept it in a certain format. They decide that they're gonna try to send it in PDF format cuz they don't know. They don't know what they're doing and it gets sent in the wrong format. Then it will not process just because of the fact that it has to be in a specific format.
And in some cases around these EDI solutions, it would go to... I would sign off on it and then the supervisor or the supervisor's supervisor would sign off on it. And for those, again, that's the separation of duties piece of this where no one person does have complete control over the entire process.
And that's the aspect that you want to try to get [00:25:00] into. So you wanna have the transactional rules that limit what it can do. Two, you also want the separation of duties that are separating people from the overall process themselves. Okay. I hope you understand that there's the key differences.
So real quick, we'll backtrack a second. The Bell model is confidentiality. The Biba model is confidentiality, integrity, and availability. The Clark Wilson model is focused primarily on integrity and on transactional security. Now we're gonna roll into the Brewer CAP theorem, or it's also called Nash Brewer.
I, the Nash Brewer sounds a little bit more like a beer. I think that's, yeah, we could focus on that. That's probably easier than the Brewer CAP. CAP, yeah, it's a C-A-P, that could go kind of in different ways. But the Nash Brewer model, which is what I learned first, was the Nash Brewer.
I didn't even know this Brewer's CAP theorem, but it's basically a theorem, which means it's not a model, it's just a thought process, and they're dealing with what they call the CAP aspect, which is the [00:26:00] consistency, availability, and partition tolerance. Now, it's not a model at all, but it's more of a principle that helps in understanding the various trade-offs when designing a distributed system.
Now in today's world, we deal a lot with distributed systems, especially in the cloud. And so this is designed to help you with those various distributed systems. Now it's not possible to achieve consistency across all systems. Okay?
So all nodes see the same data at the same time. You can't always do that. Availability. The systems themselves have to remain operational, even in the face of failures, that's a problem you have, and that partition tolerance is where the system continues to operate despite network partitions.
So again, you, this is designed for designers to make decisions on which aspects to prioritize based on the specific requirements. Of the system. So the thought process around this is just that you, what is the consistency of the data? What is the availability of the data? And then [00:27:00] can the data be partitioned and put into different aspects?
So here's some key understandings you need to take away from this process. And this can be confusing, but understand what the CAP part of it is: all systems cannot be simultaneously in the same situation. So what does that mean? The theorem basically states this, that with a distributed system, it is impossible to simultaneously achieve all three states, all three principles that are called out there.
And those three principles obviously are consistency across all these distributed systems, availability across all of them, and then tolerance basically means the data is perfectly synced across all of them; it's extremely challenging and you can't do that. So therefore what you have to do is you have to define trade-offs between those systems.
So you must prioritize with this theorem: which one are you going to prioritize and which ones are you going to sacrifice? So [00:28:00] they're basically saying two principles you need to prioritize, and then you sacrifice the third. So of those three, you decide, and this is very similar to what we deal with in the OT, operational technology, space.
When you're dealing with the CIA triad, your confidentiality and integrity are more important than your availability in the business networks in some cases, right? Because you can operate if the network is down. But in the OT space, your operational technology space, that is different; your availability is extremely important and your integrity might be a very close second, whereas confidentiality may not be as big of a deal because those networks are relatively old and they're wide open.
So you have to make decisions about how do you manage the data. And so it will help you understand that not all three of those states can be achieved at one time.
And so therefore you must pick which one is best. So I'll kinda give you a couple different examples around that. There's another term that we talk [00:29:00] about, consistency. Now this refers to the idea that all the nodes in a distributed system should have the same view of the data at the same time.
So basically everything should be visible to all nodes. Now, if you've all worked in Office 365, you know that this is not the case. Now it does become available very quickly, but you can't see them all the time. As data's being updated, it isn't always available immediately. Now availability refers to the ability of the system to respond to requests in a timely manner, even if some nodes in the system are unavailable or failed.
Now, if you deal with availability in, let's go, an IoT network, an Internet of Things network, the availability of those systems can be impacted quite substantially because they may be segregated on a farm in the middle of nowhere, and you may not have access to that data immediately. It may not update to the MQTT server in the cloud, or service, I should say, but maybe once a day or maybe once a week, you don't know.
So the availability will [00:30:00] be different depending upon the data that you're trying to access. And then partition tolerance refers to the system's ability to continue to operate, even if there is a network partition, meaning that some nodes are cut off from communicating with each other. So those are the things when you're dealing with CAP: consistency, availability, and partitions.
What are the key aspects around that? Now in a distributed system, you need to make sure that each of these principles is a very important part of it, but it is impossible to optimize it for all three simultaneously. So you must focus, as an example, you must focus on consistency and availability, and then partition tolerance may be sacrificed.
But on the flip side of that, if you focus on availability and partition tolerance, then consistency may be sacrificed. So you have to, as the security professional, help determine which one do you want to do, because you're gonna have people come to you and ask you, what do I do about this data?
How do I best protect it? And you're gonna have to determine what is the need of the data, what is the purpose of the data? [00:31:00] Does it have to be available all the time? Does it not have to be available all the time? So all of those aspects you are gonna have to work through with this. Okay, so I'm gonna break down some guarantees that we talk about here.
So here there's another term I'm gonna throw out to you, guarantees, but the CAP theorem does approach this in different ways, and they do want to talk about the guarantees. And the guarantees are the consistency, availability, and the partition tolerance. So I'll break it down a little bit more so that you understand what exactly they're meaning here.
So when you're dealing with consistency, we talked about how they have to all agree on the same information at the same time, and this means no matter where you look in the system, you will see the same data in all updates, right? The availability means it's all up and running, and you can access it whenever you want to, wherever you need to, and that the system remains operational, even if some parts of it fail or are not working.
That's the availability piece. And then the partition tolerance basically means that the system can continue to work and serve its [00:32:00] purpose even if some parts cannot communicate with each other due to the network failures or other security issues. It does ensure that the system can handle situations
where computers or other parts of the network become disconnected or unavailable. So that's where it is, breaking that CAP down a little bit more. I know I said it a lot, but I'm trying to help you understand that those are the big factors as it relates to the CAP theorem.
So if you can break these different ones down, it's gonna help you dramatically as it relates to understanding these questions on the CISSP. Okay, so now I'm gonna roll into the last one, which is the Take-Grant model. Now, this one is gonna be a little bit quicker, just in the fact that the Take-Grant model is not about people.
So there is no, the last person would take and the last person grant. No, that's not it. It's designed between subjects and objects, and taking and granting access is basically what it's around. Now these rules that it defines are [00:33:00] basically granting and taking permissions to help analyze access control scenarios by examining paths and permissions between the subjects and the objects.
And we've talked about this in the CISSP, you'll get into subjects and objects quite substantially. And I'll give you just a real easy example on how to understand the Take-Grant model. And one of the pieces that comes into this is we'll use high school in the United States, with my daughters. Around the globe,
they're all different. If they're in China, they have a different schooling system. If you're in Uganda, it's a different schooling system. I've got a friend of mine that is, it's dating my daughters from Sri Lanka. They have a different type of system, so I'll focus on the United States. It's the high school, it's the last few, four years before you graduate and go off to university, off to college.
So I'll give you a high school take on this, because my education, at least in the cyberspace, yeah, that's all self-taught. It's probably high school, and because I'm so old, our high school was basic [00:34:00] programming and it was nothing compared to what it is today. But here's just a high school look at the Take-Grant model.
Now it does help you define and analyze how permissions or authority can be granted and taken away. So if you have a student that is out there and you want to grant them authority to go to the bathroom in the hallway, it is a process by which it's granted or removed for that student to go to the restroom.
All right, so that will go to the same restroom model. Now, in this case, the principal of the high school has certain powers that allow that person to go to the bathroom or not go to the bathroom, and they can go and do those things. Now they have the power to basically say they can organize events, they can allow you to go to the bathroom, they can not allow you to go to the bathroom, and they can grant access and they can take away these powers as well.
So it's all based on how they could receive or lose the privileges based on certain conditions or actions. So it's real simple, right? And you guys deal with this on a [00:35:00] daily basis. The Take-Grant model is something that we all walk through, and anytime there's an authority figure in your life, whether it's, in my case, my wife, or it is your principal.
You have the Take-Grant method. Now, the purpose of this model is to ensure that authority is distributed and managed properly within an organization. So, again, you have various roles within your company and they are going to take, or they're going to grant, permissions based on the need that you may have.
So that's as simple as it gets, right? So they can give you privileges or they can remove the privileges based on the overall need. And it's based on the role that you are sitting in. So that's probably one of the most simple concepts around the Take-Grant method. So now I'll say next podcast, we're gonna have some questions, but I'm gonna give you just a couple, I'll give a couple examples of a question that you might see on the CISSP as it relates [00:36:00] to these different models.
And so let's just pick up a couple here. All right, so in the context of a security model, this is a question that you might see: which principle is violated by the Biba model? So in the context of a security model, which principle is violated by the Biba model? A, confidentiality, B, integrity, C, availability,
or D, accountability. Okay. So if you can go through this, you'll go, all right, I know one of those is not a principle, right? So I can throw that one out especially, but which one might be violated by the Biba model? Now we know the Biba model does cover confidentiality, integrity, and availability.
However, the main focus of the Biba model is around integrity rather than confidentiality. So it would be one of those questions you'll be scratching your head going, I don't quite understand this one because Shon said that CIA is covered on all things of the Biba model. That is true, but the main focus of the Biba model is integrity.
So when you see [00:37:00] that, you'll see that question. You'll go, oh, okay, so which one is it? And you might bite off on the accountability one just because that doesn't seem right, so I'll pick one that doesn't make any sense. Don't do that. Throw that one out. Okay. 'Cause that one's the wrong one.
But again, when you're dealing with integrity in the Biba model, it ensures that data integrity is maintained in preventing unauthorized modifications. Okay? So you need to make sure you understand that concept. Okay. Now I'll give you one more quick question. So this is one I didn't talk about, the star property, but which security model enforces the simple security property
and the star property? Now you go through this and go, all right, I haven't heard of any of these, and I haven't mentioned the star property, but we'll quickly go into that, where the Bell-LaPadula model is A, the Clark-Wilson model is B, the Brewer CAP theorem, right, not the model, but the theorem of the framework, is C, and then the non-interference model.
Okay, so the Bell-LaPadula model does enforce the simple security [00:38:00] property, which basically means no read up, and the star property, which is no write down. Now, I didn't say that in our training today, but that is another term they will use as well. So this is why you have to understand some of these different various terms that are out there, because that isn't something that's real simple to you, and reading the book that you deal with from ISC squared around the CISSP will talk about some of these, the simple security property and the star property. But they ensure that the subject can read only the information at the same or lower security levels, while the star property ensures that the subject can only write information in the same
or higher security level, and you have to have that ability. But so again, when you're coming to it, simple security is no read and the star property is no write down. So no read up is the simple, no write down is the star. Okay, so those are a couple questions as you see from the various models. Again, at the end of the day, the ultimate goal is to pass CISSP.
[00:39:00] You don't need to get a hundred, you just need to pass. And when you're focusing on the models, understand the key concepts around them and that will help you at least be able to navigate some of the questions you may anticipate seeing on the CISSP exam. All right. That's all I have for today. I hope you all have a wonderful, beautiful day wherever you're at on the globe, and we will catch ya on the flip side.
See ya.