CCT 181: Mastering Security Models - Bell-LaPadula, Biba, and Clark-Wilson for the CISSP (Domain 3)
Oct 03, 2024
Crack the code of security architecture and engineering with this episode of the CISSP Cyber Training Podcast! Ever wondered how different security models apply to real-world scenarios? We'll give you the insights and knowledge you need to discuss these models confidently with senior leaders and implement robust security controls. We promise you'll walk away with a mastery of foundational models like Bell-LaPadula and Biba, essential for any cybersecurity professional.
Join us as we dissect the origins and key principles of these models, highlighting "no read up" and "no write down" from Bell-LaPadula and the unwavering focus on data integrity in Biba. We also spotlight the Clark-Wilson model's approach to preventing fraud through transaction rules and separation of duties. These discussions are backed by real-world examples from military and governmental contexts, providing a tangible understanding for those preparing for the CISSP exam.
The conversation doesn't stop there. We delve into distributed systems, unpacking the trade-offs outlined by the CAP theorem, and illustrate its application using Office 365 and IoT networks. Finally, we simplify the Take-Grant model for access control scenarios, ensuring you grasp the critical concepts like the simple security property and the star property. This episode is your ultimate guide to mastering CISSP Domain 3 and staying ahead in the ever-evolving field of cybersecurity.
TRANSCRIPT
Speaker 1:
Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. Alright, let's get started. Let's go. Hey all, this is Sean Gerber with the CISSP Cyber Training Podcast. Hope you all are doing wonderful today.
Speaker 1:
And today is a beautiful Monday here in the United States and it's just, it's awesome. We're now getting into spring, and so there are wonderful things that we're starting to see outside, and it's green, finally. In Kansas here it doesn't get a lot of rain, so it does have a bit of a challenge sometimes, when the green grass does not want to be so green; it ends up being more brown. But it has been an awesome, just awesome couple of weeks and we're pretty excited about that.
Speaker 1:
I would say we're going to be talking about today the CISSP and some different topics that may be a little bit hard for some people. And I don't mean in the fact that it's too hard to understand, I mean it's kind of hard to hang on because we're going to be getting into security models. Now I don't know if you all have seen any news lately about what's been going on, but it's pretty amazing how quick and how pervasive this whole AI model has started to move forward. And I would tell you that, from a cybersecurity standpoint, you all have chosen wisely if you're looking to get into cybersecurity and you're taking your CISSP. The market is going to do nothing but increase in its capability for you and your family, and I think it's really important that you take this time now, especially if you're just starting to study for it and get into this fully, just because I'm getting at least one to two calls a day about AI and people asking questions about it, so that if you were looking for a specific field to maybe tailor in or to specialize in, that would be one, obviously, that a lot of people will focus on and there's probably a lot of opportunity for you to expand. So I highly recommend you get your CISSP done as soon as you can, because it's just going to get better.
Speaker 1:
All right, so we're going to be getting into the various subdomains of the CISSP. Obviously, you all are connected with security, risk management, which is your domain one. Asset security is domain two. Security architecture and engineering is domain three, and now we're going to kind of talk about that one today. So we've talked about the first two. We're going to roll into architecture and engineering.
Speaker 1:
Now this is an area that can get quite complicated, not from a difficult standpoint, it's just there's lots of moving parts to it, and so you just got to kind of have to break it down one little piece at a time and, like people of our power, you've probably heard this before: how do you eat an elephant? And they say one bite at a time. Now my daughter is from Uganda and they have elephants that roll through their neighborhoods and kind of destroy all their crops. I asked her that once. I said, how do you eat an elephant? She said, we don't eat elephants. So again, you've got to understand the context of who you say that to, because not everybody eats elephants. But the ultimate point is just that it's so big and complex that you need to just kind of break it down by individual pieces.
Speaker 1:
So today we're going to talk about the various security models and the security frameworks, because not all of them are a model. So what you're going to come to, you can go ahead and head on over to CISSP Cyber Training and you'll be able to. Once I get this podcast put out there and you'll be able to listen to it. I'll also have this podcast available on CISSP Cyber Training as well, so you'll see that out there, and there's also some other trainings that will be available to you about this specific topic specifically. So today we're going to talk about Bell-LaPool-LaPool, I can never say this, Poolda, poolda, I think. Yeah, I just totally butchered that. But anyway, Bell, we're going to talk about Bell P, and then we're going to talk about the Biba model. We'll talk about Clark-Wilson, Brewer's CAP theorem, which I mentioned before.
Speaker 1:
I said not all of these are models. Some of them are actually a theory or a more or less a framework, and then we'll talk about the Take-Grant model. So, and I had one of the folks that was part of our community at CISSP Cyber Training was making a comment that he said, I don't understand all of these models. What are they and do I have to ever know these models? Now, I've been a... and one of the pieces he said is that I work with my security architects and I've never heard them say this before, and, as a security architect in the past, I've never mentioned the names per se.
Speaker 1:
But you will use the methods in how you utilize these various security models, and they're also very helpful when you're talking to independent people, or I should say there's not like independent people on the street going, hey, can I tell you about this model? This model is pretty awesome. Yeah right, you'll get hit with something, but no, when you're talking to your senior leaders at your organization or individuals that are trying to get things done and you are trying to implement these various security controls, these are really good ways that you can talk to them about how they can utilize this model within their organization. So we'll first start off with the Bell-LaPadula model, which is butchered terribly, and I'm sure someone can probably help correct me on that. That would be awesome, because I just did a terrible job with it.
Speaker 1:
Now, this model, it's the first one that usually comes out and people talk about it a lot because it's tied to the top secret, secret, confidential type of mantra, but it focuses on this confidentiality, specifically preventing unauthorized access to the information. Now, as an example, they'll have various levels that will include secret, top secret, confidential, unclassified. They use those types of models, or I should say, terminology, and the purpose behind that is that the information that is in that area is not allowed to leak to lower security levels. So what does that mean by that? What do I mean by that is that when you are utilizing some data that is in the secret bucket, so you're told I need to go and utilize some information that is in the secret bucket. So if you're going to go log in, and we do this in the military, there's various computer systems that are set up to allow you access into these secret systems. You log in, you gain access to these systems. You cannot take data out of the secret system and put it in the top secret system and vice versa. If you want to go to the top secret system, you can't take it out and put it into the secret system. They are very specific buckets and they avoid from being downgraded or leaked by anything because of the fact that you have very specific areas that you can go.
Speaker 1:
Now, this model was developed back in the 1970s by a gentleman named David Bell and Leonard LaPadula, and these were both part of the United States Department of Defense and obviously, when you start dealing with the term secret, top secret, the Department of Defense kind of gets rolled into that. Well, they define the security levels for the data and the users and then basically which level is assigned to that specific label. Like I mentioned before, if it's secret, that's where that label and that's where those users are allowed to gain access to it. Where it's top secret, they're not allowed to gain access to it in a certain area, so they're very limited on what they can do. And these labels indicate the level of sensitivity, that is, of the data, and the level that the clearance of the user. So, like in the case of we have individuals in the military.
Speaker 1:
They have come in with a secret clearance and, having a secret clearance, they're limited to secret information only, and if you get on the secret side, in most cases, if you have a secret clearance, you can gain access to pretty much everything that is secret. They don't really hold you back too much on that. You get into the top secret area, then you have very limited access to specific top secret items and there's what they call caveats that go into there, where you are limited to, let's just say, top secret program A. But if you have program A you can't get into program B. And then if you can't get into program B but you can get in program Z Zed for my friends in the UK then you have access to that. So it's very limited on what you can and cannot do. Now that requires somebody to basically be the person that is managing that access.
Speaker 1:
And I'm going to focus a little bit stronger on this one just because one it's a little bit more near and dear to my heart, but also the fact that it's utilized quite substantially for our folks that are in the various branches of the military or the US government or various governments and I say the US government, and obviously the CISSP is focused around a lot of the US side as it relates to questions. However, it doesn't matter which company you are, country you work for, you all have, whatever country you're at, have a version of this. Whether you're Chinese, Filipino, Australian, it doesn't matter. Each country has a version similar to this whole model. Now it has basically two key rules.
Speaker 1:
It's known as no read up and no write down. So, like I mentioned before, you're in the bucket, you stay in the bucket. Now these systems, when they deal with no read up and no write down, you'll see those terms when you're taking the test and they'll ask that specific question and you'll need to know what does that no read up, no write down mean? Because they may ask you a question, not saying the model. They may say what is the model that allows you for no read up and no write down? Now these rules will state that the user with the security level can only read the data. That is the same level or lower. Now they will let you go lower. So if you have a secret clearance and you want to get access to unclassified data, you can get access to unclassified data, but if you have secret, you cannot read higher, but you can't move data out. And that's the other aspects.
Speaker 1:
Now, when it comes to moving data out, there is a process by which you can. So, if something was top secret and was declassified to a lower level or completely taken out of the classification schema, there is a process by which this can be done, but that has to be done with very specific methods and very specific people that will do that. Now, it was designed to enforce confidentiality by preventing an unauthorized access to this sensitive data, and that's a big factor in all of this is that it's around the confidentiality of this. Now, it differs from the other security models, such as the Biba, which we're going to roll into here in a minute, that focus on confidentiality rather than integrity, and that's a big difference around this. The Biba is designed around integrity by preventing unauthorized modifications to the data. So that's what you're going to have to understand for the CISSP exam. Understand the name, but more than understanding the name is understanding what does it do?
Speaker 1:
But when you go and you get out in the real world and after the CISSP exam is complete and you pass the CISSP exam, then people aren't going to reference the Bell model, they're going to reference okay. Well, I want to put this in a situation where I don't want to allow anybody to read up, they can read down, but they can't read up. I don't want anybody to be able to pull data out, only be able to keep that data within its specific bucket, and then that will cue you to go okay. Well, this is the Bell model security model. So bottom line with the Bell model is that it's used to enforce confidentiality by assigning security levels to data and to users, and then it basically enforces the no read up and the no write down rules. Okay, so this does differ from many of the other ones, but that's the main purpose around it.
Speaker 1:
So now we're gonna roll into the Biba model or Bible model. I'm not sure how someone says it. See, the guys have these. They don't have like cool names like the Smith model. That'd be a whole lot easier. There's like the Clark-Wilson one. That's easy. I can understand that. But the Biba, so I'm probably just totally offending Mr. Biba as I'm saying this, but Mr. Kenneth Biba is his name and he may or may not be here still, I don't know.
Speaker 1:
This was developed back in the 1970s and its purpose was to be an alternative to the Bell-LaPadula model. Again, it's focused primarily on integrity and not on the confidentiality aspect, like the first one, the Bell model is. Now, the main thing around this model is Ken, okay, or Ken. Maybe I can call him Ken. I wonder if you mind if I call him Ken.
Speaker 1:
It's preventing unauthorized access to data and ensuring the data is not modified or destroyed by unauthorized individuals or the processes that are involved. And again, it's designed around integrity, but it does deal with the entire CIA triad, but it is focused primarily around integrity, basically meaning that the information is accurate, reliable and completely unaltered. Okay, so when you're dealing with the concept of integrity, there are going to be concepts and topics and terms that they talk about, such as high and low, and you want to be able to ensure that you have access to this information, but you want to make sure that it's not modified or accessed by individuals with lower integrity levels. So the bottom line is that you don't want to have people that don't have access to it can go and read and write to it. That's the big factor around the integrity piece of it, because if they don't have that access, then that can obviously cause some challenges. Now, as I mentioned before, obviously integrity is a big focus of what the Biba model is around. However, it does cover all of them, right, from the CIA triad, like I mentioned earlier, and when you're dealing with the integrity aspects of it, obviously it is keeping it from unauthorized people having access to the data, but the confidentiality principle of this focuses on protecting sensitive information from unauthorized access, and this can be done through various ways: one, through access controls, encryption and then other security mechanisms that may be in place.
Speaker 1:
Now, I don't know if you all saw on the news recently that the hardware encryption keys for Intel were compromised and they're trying to determine how that's going to cause challenges that will roll and cascade down into future encryption aspects, and we talk about that in the CISSP training around, what are some aspects for the encryption piece that you need to understand? One of those is the TPM model, the Trusted Platform Module that is out there, and the keys that are hardware or hardwired into these various chips that you'll see on your computers. Well, that's part of that overall process. Now, it's not all systems this way, but when you start having hardware keys and you start causing challenges with getting those hacked, like this is what happened to Intel, that can cause problems. Well, what does that do? That will cause an issue in the fact that you can't confirm the confidentiality of the documents or the data that's going through that system. So I just bring that up in the fact that when you are putting various measures and security controls in place, we have to always keep in mind, as security practitioners, that things can change to the point where it could mitigate some of the security controls you already have in place, making all of your efforts kind of moot. So it's kind of a problem. The other thing around availability, as it relates to the Biba model that you want to keep in mind is the fact that you can enforce the availability through various other aspects, through redundancy, through backups, disaster recovery planning and so forth, and that's a big factor.
Speaker 1:
You might see questions as it relates to the Biba model and it bringing into the CIA triad. So if the CIA triad is a factor in the question, where maybe give me a model that covers all aspects of the CIA triad, Biba would be one that you would pick over any other one. It would. Also, if someone tried to do a stump the dummy question and said the LaPadula model was focused on all three of the CIA triad, you would know that that is incorrect and wrong because it does not, it only focuses on the one. So again, the big differences around this is that the LaPadula model it will focus on all three, whereas the LaPadula does not. Sorry, I made a correction. The LaPadula model focuses on confidentiality. The Biba model will focus on all three: your availability, confidentiality and integrity. The Biba model is also used in systems that require high levels of data integrity, which would be tied to financial, medical systems as well. So they're more used for those that you have to maintain and ensure that the data is correct, whereas the LaPadula model will be focused primarily on military or governmental type systems.
Speaker 1:
Okay, so now we're going to roll into the easier name that I won't butcher, the Clark-Wilson model. Okay, so this is a little bit easier from a standpoint of trying to say it, but it was developed by David Clark and David Wilson, the David twins, back in 1980. Okay, so just remember, if they ask a question about that, if there was a David and a Tom in the question, then it's not right. It's the David Wilson and David Clark, the boy band of the 1980s. Now, they weren't a boy band that I'm aware of, but you never know. Now, did they have boy bands back then? I don't think so. That was the 90s or 2000s, somewhere around there. Now the Clark-Wilson model is a security model that focuses on ensuring the integrity of the data and the validity of the operations performed on the data. Okay, so it uses what they call transaction rules and separation of duties.
Speaker 1:
Now I deal with SAP security for our company and we deal a lot with transaction rules and segregation of duties or separation of duties, and we commonly hear of it called SOD. So SOD is one of those things where you don't want one single person to have complete control over all aspects of the transaction. This is very important, especially when you're dealing with, we call them EDI, which is your electronic data interchange type of communications, where you're sending money to locations. You don't want to have people to say that have the ability to go, well, in my company, I want to be able to send $100,000 to company X, and company X tends to be a shell company that this person just built. So he went out, registered an LLC, set it up, went into the system, created himself an account, then in turn, created a purchase order, and now your company is sending information to this fake LLC that's in the Cayman Islands. You don't want that, right, and that's why you want separation of duties.
Speaker 1:
And I've seen this happen. You see this a lot in security, where folks will do the social engineering piece of this. So the CEO, and there's actually a really... I'll come back to this article in a minute, but the CEO sends an email to the finance person and the CEO says, hey, I'm stuck in Aruba. I need you to wire me $15,000 to get back because my credit card is expired. Right, it's the Nigerian uncle thing. And what ends up happening is the finance person goes, well, sure, I'll do that, no problem. And they do that. And they wire the money to Aruba and make sure that CEO person gets all their money and come to find out that the CEO is not the CEO.
Speaker 1:
It's Rita sitting on a beach in Kazakhstan. Do they even have beaches? I think it might be all one beach. No, I don't know. Sitting on a beach in Kazakhstan enjoying the money that you just wired that person. So that is where you want to have separation of duties, because if you don't, you can have people making mistakes that can cause you lots and lots and lots of money.
Speaker 1:
There's actually a recent article that just came out. I think it was in the Wall Street Journal or Washington Post around how AI is causing the social engineering aspect to just kind of go through the roof, and I believe it. I really feel bad because there's plenty of people... I've clicked on links accidentally and I'm supposed to be an expert, and I'm not by any means, right, we're either. We all make mistakes. So can you imagine the grandma that's sitting in her, you, drinking coffee, watching the birds out of her window, all of a sudden going, oh, I got an email from blankety blank. Oh, it tells me that if I click on this link I'll make lots of money. But it came from Fred, who's my nephew and I trust him completely. And next thing you know, she just gave away the farm. So those are... sorry to digress, but it's true.
Speaker 1:
It's one of these things where AI is going to be a big factor, not just from a technology standpoint of what it can do, but how it can manipulate people in ways that we never, we can't even imagine right now at this point. So, again, they have well-formed transaction rules and these must be considered and valid for things to work, and it's designed to provide data integrity and transactional security in systems that have different levels of access to the data. So, again, you don't want one single person to have complete control and you want to have that transactional logs in place to be able to validate and use it from an audit perspective. Now there's based on two key concepts: separation of duties, right, like I said before, and then a concept called the constrained data item. Now you might see notice of that, of what this is in the exam, and they go, there is blankety blank with a constrained data item. Now, if you see that term, that would probably cue you to think, okay, this is the David Wilson model. So you need to keep that in mind as well. So, as you're studying for your CISSP exam and they throw out this goofy word that you've never seen before, that would potentially trigger you to be the Clark-Wilson model. Now, don't just glob on that because you see the constrained data item, because if it's in a word that says this is not the model you want, you want to make sure that the one that doesn't have the data, the data constrained data item, is the blank model. You want to look for the double negative aspect where they turn around and try to trick you on that. So not to digress, which I do tend to digress at times, but you want to make sure that you read the question thoroughly. But those are little nuggets that can help you get through the test, especially on some of these models.
Speaker 1:
Now the separation of duties refers to the different individuals should be responsible for different aspects of the transaction, and the ultimate goal is to prevent fraud and error. Again, you want to avoid that, so that's kind of how you can set that potentially up. Now, the way you can differ the Clark-Wilson from the other security models is, while the LaPadula model focuses on confidentiality, the Wilson is designed to provide data integrity and transactional security. So look for that specific piece of this. And I say the LaPadula model a lot because that's one where people will glob onto as it relates to the secret, top secret aspect. So you need to make sure that one is dealing with confidentiality. The other one deals with confidentiality, integrity and availability. This one here will deal with integrity, but it also deals with transactional security. Then it also is focused on separating duties, again to reduce the fraud and error. So that's the big factors. You want to look for those key buckets: transactional and data integrity.
Speaker 1:
Now, when I mentioned earlier about well-formed transactional rules and the separation of duties piece of this, we'll kind of get into the transactional rules. What are those? Now, a transactional rule is a set of instructions that the data must follow to be considered valid. So if it doesn't meet that criterion then it won't be valid. And so these rules do ensure that the data is in the right format, meets the right specific criteria, before any operations are done.
Speaker 1:
This is done a lot with the EDI piece of this. You can't transfer data. It has to be in a specific format. In some cases I've dealt that it has to be in an XML type format. In other cases it can be in a PDF. It just depends on the receiving end's capability, one, to receive it and two, what kind of file are they anticipating to see? So if all of a sudden, say, a hacker gets into the EDI system, as they get into the EDI system they are going to try to send transactions to their bank. Well, their bank is only going to accept it in a certain format. Well, they decide that they're going to try to send it in PDF format because they don't know. They don't know what they're doing and it gets sent in the wrong format. Well then it will not process just because of the fact that it has to be in a specific format. And in some cases, around these EDI solutions, it would go to I would sign off on it and then the supervisor or the supervisor's supervisor would sign off on it and for those to check in.
Speaker 1:
That's the separation of duties piece of this, where no one person does have complete control over the entire process and that's the aspect that you want to try to get into. So, one, you want to have the transactional rules that limit what it can do. Two, you also want the separation of duties that are separating people from the overall process themselves. Okay, I hope you understand that. There's the key differences. So, real quick, we'll backtrack a second: the Bell model, confidentiality. The Biba model is confidentiality, integrity and availability. The Clark-Wilson model is focused primarily on integrity and on transactional security.
Speaker 1:
Now, as we're going to roll into the Brewer CAP theorem, or it's also called Nash Brewer, the Nash Brewer sounds a little bit more like a beer. I think that we could focus on that. That's probably easier than the Brewer CAP. CAP, yes, it's C-A-P. That could go kind of different, different ways. But the Nash Brewer model, which is what I would learn first, was the Nash Brewer. I didn't even know this Brewer's CAP theorem, but it's basically, it's a theorem, which means it's not a model, it's just a thought process, and they're dealing with what they call the CAP aspect, is the consistency, availability and partition tolerance. Now it's not a model at all, but it's more of a principle that helps in understanding the various trade-offs when designing a distributed system. Now, in today's world, we deal a lot with a distributed system, especially in the cloud, and so this is designed to help you with those various distributed systems.
Speaker 1:
Now, it's not possible to achieve consistency across all systems, so all nodes see the same data at the same time. You can't always do that. Availability the systems themselves have to remain operational even in the face of failures. That's a problem you have. And the partition tolerance is where the system continues to operate despite network partitions. So again, this is designed for designers to make decisions on which aspects to prioritize, based on the specific requirements of the system. So the thought process around this is just that what is the consistency of the data, what is the availability of the data and then can the data be partitioned and put into different aspects.
Speaker 1:
So here's some key understandings you need to kind of take away from this process, and this can be kind of confusing, but understand what the CAP part of it is, is that you can't always be, all systems cannot be simultaneously in the same situation. So what does that mean? It says that if you're... the theorem basically states this, that a distributed system, with a distributed system, it is impossible to simultaneously achieve all three states, all three principles that are called out there, and those three principles obviously is consistency across all of them, these distributed systems, availability across all of them, and then tolerance, basically meaning the data is perfectly synced across all of them. It's extremely challenging and you can't do that. So therefore, what you have to do is you have to define trade-offs between those systems. So you must prioritize with this theorem that which one are you going to prioritize and which ones are you going to sacrifice? So they're basically saying two principles you need to prioritize and then you sacrifice the third. So of those three, you decide, and this is very similar to what we deal with in the OT, operational technology, space when you're dealing with the CIA triad: your confidentiality and integrity are more important than your availability in the business networks in some cases, right, because you can operate if the network is down. But in the OT space, your operational technology space, that is different. Your availability is extremely important and your integrity might be a very close second, whereas confidentiality may not be as big of a deal, because those networks are relatively old and they're wide open. So you have to make decisions about how do you manage the data, and so it will help you kind of understand that not all three of those states can be achieved at one time, and so therefore you must pick which one is best. So I'll kind of give you a couple different examples.
Speaker 1:
Around that there's another term that would come up. We talk about consistency. Now, this refers to the idea that all the nodes in a distributed system should have the same view of the data at the same time. So basically, everything should be visible to all nodes. Now, if you've all worked in Office 365, you know that this is not the case. Now, it does become available very quickly, but you can't see them all the time. As data is being updated, it isn't always available immediately.
Speaker 1:
Now, availability refers to the ability of the system to respond to requests in a timely manner, even if some nodes in the system are unavailable or failed. Now, if you deal with availability in, let's go, an IoT network, an Internet of Things network, the availability of those systems can be impacted quite substantially because you may be, they're segregated in a farm in the middle of nowhere. You may not have access to that data immediately, it may not update to the MQTT server in the cloud or service, I should say, without, maybe about once a day or maybe once a week, you don't know. So the availability will be different depending upon the data that you're trying to access. And then partition tolerance refers to the system's ability to continue to operate even if there is a network partition, meaning that some nodes are cut off from communicating with each other. So those are kind of the thing when you're dealing with CAP: consistency, availability and partitions.
Speaker 1:
What are the key aspects around that? Now, in a distributed system, you need to make sure that each of these principles is a very important part of it, but it is impossible to optimize it for all three simultaneously. So you must focus, as an example, you must focus on consistency and availability, and then partition tolerance may be sacrificed, but on the flip side of that, if you focus on availability and partition tolerance, then consistency may be sacrificed. So you have to, as the security professional, kind of help determine which one do you want to do, because you're going to have people come to you and ask you, well, what do I do about this data? How do I best protect it? And you're going to have to determine what is the need of the data, what is the purpose of the data? How does it have to be available all the time? Does it not have to be available all the time? So all of those aspects you're going to have to work through with this.
Speaker 1:
Okay, so I'm going to break down some guarantees that we talk about here. There's another term I'm going to throw at you, guarantees, but the CAP theorem does approach this in different ways, and they do want to talk about the guarantees, and the guarantees are the consistency, availability and the partition tolerance. So I'll break it down a little bit more so that you kind of understand what exactly they're meaning here. So when you're dealing with consistency, we talked about how they have to all agree on the same information at the same time, and this means no matter where you look in the system, you will see the same data in all updates, right? The availability means it's all up and running and you can access it whenever you want to, wherever you need to, and that the system remains operational even if some parts of it fail or are not working. That's the availability piece. And then the partition tolerance basically means that you can continue to work and serve its purpose, even if some parts cannot communicate with each other due to the network failures or other security issues. So it does ensure that the system can handle situations where computers or other parts of the network become disconnected or unavailable. So that's where it's kind of breaking that CAP down a little bit more. So I know I said it a lot, but I'm trying to help you understand that those are the big factors as it relates to the CAP theorem. So if you can break these different ones down, it's going to help you dramatically as it relates to understanding these questions on the CISSP.
Speaker 1:
Okay, so now I'm going to roll into the last one, which is the Take-Grant model. Now this is a little bit more going to be quicker, just in the fact that it's basically designed the Take-Grant model and it's not about people. So there's no take, last person will take and the last person grant. No, that's not, no, it's designed between subjects and objects and it's basically taking and granting access is what it's around. Now, these rules define that are basically granting and taking permissions to help analyze access control scenarios by examining paths and permissions between the subjects and the objects, and we've talked about this in the CISSP. You'll get into subjects and objects quite substantially and I'll give you just a real easy example on how to understand the Take-Grant model.
Speaker 1:
And one of the pieces that comes into this is we'll just use high school In the United States with my daughters around the globe. They all in different. If they're in China, they have a different schooling system. If you're in Uganda, it's a different schooling system. I've got a friend of mine that is dating my daughters from Sri Lanka. They have a different type of system. So I'll focus on the United States. It's the high school. It's the last few four years before you graduate and go into off to university, off to college. So I'll give you a high school take on this, because that's my education is at least in the cyberspace. Yeah, it's all self-taught, it's probably high school and, because I'm so old, our high school was basic programming and it was nothing compared to what it is today. But here's just a high school.
Speaker 1:
Look at the Take-Grant model. Now, it does help you define and how you analyze how permissions or authority can be granted and taken away. So if you have a student that is out there and you want to grant them authority to go to the bathroom in the hallway, it is a process by which it's granted or removed for that student to go to the restroom. All right, so that will go to the same restroom model. Now, in this case, the principal of the high school has certain powers that allow that person to go to the bathroom or not go to the bathroom, and they can go and do those things. Now they have the power to basically say they can organize events, they can allow you to go to the bathroom, they can not allow you to go to the bathroom and they can give those, they can grant access and they can take away these powers as well. So it's all based on how they could receive or lose the privileges based on certain conditions or actions. So it's real simple, right? And you guys deal with this on a daily basis.
Speaker 1:
Take-Grant model is something that we all walk through. Anything, there's an authority figure in your life, whether it's, in my case, my wife, or it is your principal. You have the Take-Grant method. Now, the purpose of this model is to ensure that authority is distributed and managed properly within an organization. So, again, you have various roles within your company and they are going to take or they're going to grant permissions based on the need that you may have. So that's as simple as it gets, right? So they can give you privileges or they can remove the privileges based on the overall need, and it's based on the role that you are sitting in. So that's probably one of the most simple concepts around the Take-Grant method.
Speaker 1:
So now I'll say next podcast. We're going to have some questions, but I'm going to give you just a couple. I'll give a couple examples of a question that you might see on the CISSP as it relates to these different models, and so let's just kind of pick up a couple here, all right? So in the context of a security model, this is a question that you might see: which principle is violated by the Biba model? So, in the context of a security model, which principle is violated by the Biba model? A, confidentiality; B, integrity; C, availability; or D, accountability? Okay, so you can go through this. You'll go, all right. Well, I know one of those is not a principle, right, so I can throw that one out especially. But which one might be violated by the Biba model? Now we know the Biba model does cover confidentiality, integrity and availability. However, the main focus of the Biba model is around integrity rather than confidentiality. So you may, it would be one of those questions you'll be scratching your head going.
Speaker 1:
I don't quite understand this one, because Sean said that CIA is covered on all things of the Biba model. That is true, but the main focus of the Biba model is integrity. So when you see that, you'll see that question, you'll go, oh, okay, so which one is it? And you might bite off on the accountability one just because, well, that doesn't seem right, so I'll pick one that doesn't make any sense. Don't do that. Throw that one out, okay, 'cause that one's the wrong one. But again, when you're dealing with integrity in the Biba model, it ensures that data integrity is maintained and preventing unauthorized modifications. Okay, so you need to make sure you understand that concept.
Speaker 1:
Okay, now we'll go to give you one more quick question. So this is what I didn't talk about is the star property. But which security model enforces simple security property and the star property? Now you go through this and go, all right. Well, I haven't heard of any of these and I haven't mentioned the star property, but we'll kind of quickly go into that. Where the Bell-LaPadula model is A, Clark-Wilson model is B, Brewer CAP theorem, right, not the model, but the theorem of the framework, is C, and then the non-interference model. Okay, so the Bell-LaPadula model does enforce simple security property, which basically means no read up, and the star property, which is no write down.
Speaker 1:
I didn't say that in our training today, but that is another term they will use as well. So this is why you have to understand some of these different various terms that are out there, because that isn't something that's real simple to you and reading the book that you deal with, from ISC squared around, the CISSP will talk about some of these the simple security property and the star property. But they ensure that the subject can read only the information at the same or lower security levels, while the star property ensures that the subject can only write information in the same or higher security level, and you have to have that ability. But so, again, when you're coming to simple security is no read and the star property is no write down. So no read up is the simple, no write down is the star.
Speaker 1:
Okay, so those are a couple of questions. As you see from the various models, again, at the end of the day, the ultimate goal is to pass CISSP. You don't need to get a hundred, you just need to pass, and when you're focusing on the models, understand the key concepts around them and that will help you at least be able to navigate some of the questions you may anticipate seeing on the CISSP exam. All right, that's all I have for today. I hope you all have a wonderful, beautiful day, wherever you're at on the globe, and we will catch you on the flip side, see ya.