Q1. Classify and explain the Bell LaPadula and Biba Security Models policy and properties in detail. Describe how vital these models are to the security and information security services as a whole. How are security services linked, and how do they support the security of information?
Q2. You offer storage services as a corporation and own a data warehouse estimated at USD 5,000,000 (including information & infrastructure). It is expected that 80% of the warehouse (including customer data) would be damaged/lost if the risk of a fire breaking out were to occur. For this warehouse-type, the probability of a fire breaking out is known to be 6% annually. Suppose you wanted to mitigate the risk to your data warehouse by implementing controls (safeguards) to decrease 50% (exactly half). Still, the cost of implementing these safeguards would be $40,000 per year. Explain why you should or should not buy the safeguards in a definitive quantitative case.
1. The Bell–LaPadula Model (BLP) is a state machine model used for enforcing access control in government and military applications. It was developed by David Elliott Bell and Leonard J. LaPadula, subsequent to strong guidance from Roger R. Schell, to formalize the U.S. Department of Defense (DoD) multilevel security (MLS) policy. The model is a formal state transition model of computer security policy that describes a set of access control rules which use security labels on objects and clearances for subjects. Security labels range from the most sensitive (e.g., "Top Secret"), down to the least sensitive (e.g., "Unclassified" or "Public").
The Bell–LaPadula model focuses on data confidentiality and controlled access to classified information, in contrast to the Biba Integrity Model which describes rules for the protection of data integrity. A system state is defined to be "secure" if the only permitted access modes of subjects to objects are in accordance with a security policy. To determine whether a specific access mode is allowed, the clearance of a subject is compared to the classification of the object (more precisely, to the combination of classification and set of compartments, making up the security level) to determine if the subject is authorized for the specific access mode. The clearance/classification scheme is expressed in terms of a lattice. The model defines one discretionary access control (DAC) rule and two mandatory access control (MAC) rules with three security properties:
The Simple Security Property states that a subject at a given security level may not read an object at a higher security level.
The * (star) Security Property states that a subject at a given security level may not write to any object at a lower security level.
The Discretionary Security Property uses an access matrix to specify the discretionary access control.
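As an added example, not part of the original answer, the three BLP properties above implemented over a small lattice of classification plus compartments, with Biba's dual integrity rules (which the answer names but does not spell out) alongside them; the classification ranks, compartment names, subjects and access matrix are constructed for the example.

```python
from dataclasses import dataclass

# Constructed orderings for this example (not from the original answer).
CLASS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}
INTEGRITY = {"Low": 0, "Medium": 1, "High": 2}


@dataclass(frozen=True)
class Label:
    """A security level: a ranked classification plus a set of compartments."""
    rank: int
    compartments: frozenset = frozenset()

    def dominates(self, other):
        # Lattice order: rank is >= AND compartments are a superset.
        return self.rank >= other.rank and self.compartments >= other.compartments


def blp_allows(subject, obj, mode):
    """Bell-LaPadula mandatory rules on confidentiality labels.
    read  -> simple security property (no read up): subject dominates object.
    write -> *-property (no write down): object dominates subject."""
    if mode == "read":
        return subject.dominates(obj)
    if mode == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown access mode {mode!r}")


def biba_allows(subject, obj, mode):
    """Biba strict integrity rules, the dual of BLP, on integrity labels.
    read  -> no read down: object integrity dominates subject integrity.
    write -> no write up: subject integrity dominates object integrity."""
    if mode == "read":
        return obj.dominates(subject)
    if mode == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown access mode {mode!r}")


def blp_access(matrix, subj_name, subj_label, obj_name, obj_label, mode):
    """Discretionary security property: the access matrix must grant the mode
    as well; an access is permitted only if both MAC rules and DAC agree."""
    return (mode in matrix.get((subj_name, obj_name), set())
            and blp_allows(subj_label, obj_label, mode))


# Constructed sample: a Secret/CRYPTO analyst, a Confidential/CRYPTO report,
# a Top Secret/CRYPTO+NUCLEAR plan, and a DAC matrix granting alice everything.
ANALYST = Label(CLASS["Secret"], frozenset({"CRYPTO"}))
REPORT = Label(CLASS["Confidential"], frozenset({"CRYPTO"}))
PLAN = Label(CLASS["Top Secret"], frozenset({"CRYPTO", "NUCLEAR"}))
MATRIX = {("alice", "report"): {"read", "write"}, ("alice", "plan"): {"read", "write"}}
```

Note that the analyst may write to the Top Secret plan but not read it, which is exactly the confidentiality-only flow BLP enforces and the reason Biba is needed for integrity.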
2. The methods and procedures already mentioned are designed to minimize casual loss of data and maximize media longevity. However, even if you had perfect storage conditions and impeccable handling protocols, some media would still fail. Therefore, valuable data must be stored redundantly, that is, backed up, on more than one piece of media. In addition, backups and disaster recovery plans are needed to avoid catastrophic media loss from causes such as:
sabotage (theft, vandalism, malicious modification/erasure, viruses, terrorist attack, etc.)
natural disaster (fire, flood, earthquake, hurricane, tornado, infrastructure failure)
A disaster recovery plan that deals specifically with information technology infrastructure is needed. Developing such a plan is not a one-time process; it has to be tested and modified as changing circumstances dictate. Revisit the disaster recovery plan for events such as new staff, new or reorganized physical plant, or new equipment. Once a disaster recovery plan is in place, take steps to prevent catastrophes and minimize damage from them.
The maintenance of redundant copies of valued digital content is an essential component of any digital preservation program, and a key element in the prevention of catastrophic loss. A great variety of backup solutions are available. Which to use depends on:
quantity of data
rate of change
degree of automation desired
available budget
In addition to backing up data files, application software and operating systems may also need backup. In some cases, it may be necessary to purchase additional licenses or obtain special permission from the software vendor in order to back up applications.
In addition to testing backup media periodically to ensure the data is still readable and has not been altered, restore procedures should also be tested to ensure that the hardware, software and any outside vendors involved in maintaining backups are all functioning as expected.
A prudent backup strategy places at least one copy of all critical data at a sufficient distance from the main data store so that it is not likely to succumb to the same disaster. This is called off-site storage.
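As an added worked example, not part of the original answer, the standard quantitative risk-analysis formulas (SLE = asset value x exposure factor, ALE = SLE x ARO) applied to the figures given in Q2; the formulas are standard practice and are not stated on the page.

```python
# Figures from Q2: asset value, exposure factor, annual fire probability,
# safeguard effect and safeguard cost. Only the function names are ours.
ASSET_VALUE = 5_000_000       # USD, warehouse incl. information & infrastructure
EXPOSURE_FACTOR = 0.80        # fraction of the asset lost in one fire
ARO = 0.06                    # annualized rate of occurrence of a fire
RISK_REDUCTION = 0.50         # safeguards cut the risk exactly in half
SAFEGUARD_COST = 40_000       # USD per year


def single_loss_expectancy(asset_value, exposure_factor):
    """SLE = asset value x exposure factor: loss from one occurrence."""
    return asset_value * exposure_factor


def annualized_loss_expectancy(asset_value, exposure_factor, aro):
    """ALE = SLE x ARO: expected loss per year before any safeguard."""
    return single_loss_expectancy(asset_value, exposure_factor) * aro


def safeguard_case(asset_value, exposure_factor, aro, risk_reduction, annual_cost):
    """Return (ALE before, ALE after, max justified annual spend, net benefit).
    Halving the risk halves ALE whether it is the probability (ARO) or the
    exposure factor that is reduced, since ALE is their product. The safeguard
    is worth buying when its annual cost is below the ALE it removes."""
    before = annualized_loss_expectancy(asset_value, exposure_factor, aro)
    after = before * (1 - risk_reduction)
    max_spend = before - after            # the most one should pay per year
    net = max_spend - annual_cost         # positive -> buy the safeguard
    return before, after, max_spend, net


if __name__ == "__main__":
    before, after, max_spend, net = safeguard_case(
        ASSET_VALUE, EXPOSURE_FACTOR, ARO, RISK_REDUCTION, SAFEGUARD_COST)
    print(f"ALE before: {before:,.0f}  ALE after: {after:,.0f}  "
          f"max justified spend: {max_spend:,.0f}  net benefit: {net:,.0f}")
```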