Pass your certification exam. Faster. Guaranteed.

Join the 40,000+ candidates in over 58 countries that have found a faster, better way to pass their certification exam.


Comprehensive practice exam engine!

  • Unlimited access to thousands of practice questions
  • Exam readiness score
  • Smart reinforcement


All features in the FREE plan, plus:

  • Focused training ensures 100% exam readiness
  • Personalized learning plan
  • Align exam engine to your current baseline knowledge
  • Eliminate wasted study time
  • Exam pass guarantee
  • And much more

Formal Security Models Transcription

Welcome to our security models module. In this module, we will discuss the state machine, lattice based, non-interference, and information flow models. Before we can discuss the models, it is important to know some key terms. A subject is a user that's attempting to access some type of object or resource.

There are different levels that subjects can have for example a standard user versus an administrator. And an example of a subject might be a user, a process or perhaps a machine. Anything that's attempting to access an object. An object is a resource. These are passive entities that contain information that a user wants to access.

Some examples here are a file, a record in a database, or perhaps a memory location. An access is the flow of information between the subject and the object. It is basically the ability of the subject to perform a task or some interaction with an object. It's important to make sure that we are controlling access between our subjects and our objects to make sure that we do not have unauthorized individuals accessing resources that they should not be accessing.

There are some common security models that we can use to make sure that the interactions between our subjects and our objects are acceptable and are based our security policies. One example is a state machine model. In this model, access is based on objects and their attributes. We also have the lattice-based module where we define upper and lower bounds.

The non-interference module where we create barriers between levels to prevent data leakage. And our Information flow model where data flows between objects at various security levels. The State Machine model is an abstract model used by old computer systems. It does not specify specific protection mechanisms or means of enforcing the model.

It deals with various states of operation or system states and it has a set of values for each of these initial states. Depending on the state the system is operating in there's a sequence of events that must be performed before the system can transform into the next state.

And the output and the next state depends on the inputs and the present state. So no matter what the system is trying to do, such as booting up, or if you have a system failure, this model is concerned with making sure that the system is secure at each state, and making sure that the intended sequence of events is followed.

The state machine model works with security levels, classifications, and clearances. In a single state machine model, there's a policy in place that dictates the security levels of that system. The system will only process data from a single security level, hence the name single state machine. There's no way to put separate classifications on this system, all of the data is at the same security level and all users have to have formal approval and full clearance to access all of the data on the system.

We also have multi-state machines. These are less secure than single state machines, but they're more flexible. With a multi state machine, we're processing data at two or more levels without the risk of compromising the system's security. The data can be classified or unclassified and not all users are required to have the full clearance.

For example, you could have a system that processes secret data as well as unclassified data. Only those users with a secret clearance would be able to access secret data, but any user would be able to access the unclassified data. Our next model is the lattice-based security model. This model uses a matrix that's two-dimensional to define what subjects are allowed to access, and at what permission level.

This model uses pairs of elements, and elements being a subject and an object, and each of these pairs will have an ordered set with a lower bound and an upper bound that define their access rights. When we're setting up these bounds or limits, we can use clearance levels like top secret or secret or unclassified.

And these are found in the Bell–LaPadula model or we could integrity levels, such as those found in the Biba model. And lattice based access control is very useful in complex environments and allows us to put security controls in place that'll work for those environments. And you can see in the model below that the user in question, is limited from accessing and confidential information because of their upper boundary.

And they're also limited from doing anything at the public level because of their lower boundary. So they're permitted to operate at the private and sensitive level. And these levels can be customized depending on the needs of your organization and the user that's being assigned the privileges. We also have a model known as the non-interference model.

Here we want to prevent individuals from interfering with other individuals, so we place preventative controls in place. The theory here is that the users are restricted to working in different areas called domains. And a domain in just a set of objects that user is allowed to access. The user at one level will not be able to tell what is happening at a higher security level.

And the users at the higher security level will not be able to interfere with individuals at levels below them. This does use a state machine approach to keep track of what actions are permitted for each user. And we wanna make sure that users in one domain or on one level can not affect or interfere with users in another domain.

This model also strives to ensure that users cannot be influenced by actions being taken by subjects at higher security levels. We also have the information flow model which is based on the lattice model. This model focuses on the way that information flows in a state machine. Obviously, our data objects are assigned a class or level of security as in the state machine model.

And every time there's an input in to the system, there's a state transition, and there's a specific output. And here, we don't use access control lists for objects, we use flow rolls, and we try to restrict information from flowing in ways that would violate our security policy. For example, if a user takes a piece of top secret data and saves it in to an unclassified area, then unauthorized individuals would be able to access it.

So we wanna prevent this type of behavior and this model also allows for the detection and logging of any rule violations. To ensure some accountability in case these types of activities are occurring. This concludes our security models module. Thank you for watching.

Included in all plans.

1000's of practice test questions

Classified by skill and ranked by difficulty. Choose to answer questions in STUDY MODE to review and you go.

Exam Readiness Score

Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.

Smart Reinforcement

Don’t forget what you’ve just studied! Use the intelligent reinforcement questions to stay fresh.

THANK YOU! Just bloody thank you! I’m doing the CEH minor at my college and well...I’ve learned more from this site in a few hours than I’ve learned from my school in 9 weeks about the subject. Keep up the good work!

PRO Membership Benefits.

Personalized Learning Plan

Skillset’s Exam Engine continuously assesses your knowledge and determines when you are ready take and pass your exam. When Skillset learns that there is a gap between your knowledge and what you need to know to pass, we present you with a focused training module that gets you up to speed quickly. No fluff! Find your knowledge gaps and fill them.

Exam Pass Guarantee

Skillset is confident that we can help anyone pass their exam. If you reach 100% readiness, and you do not pass your exam, we will refund you plus pay for a replacement exam voucher. That’s how powerful our learning system is, we can offer this guarantee and stand behind our products with this no risk to you guarantee. See terms and conditions.

Eliminate Wasted Study Time

Don’t waste time studying concepts you have already mastered. Focus on what you need to know to pass. The Skillset Competency Diagnostic aligns our Exam Engine and Learning Plan to your baseline knowledge. This saves an average of 31% of the time required to prep for a professional certification exam.

Coming Soon - Simulated Exam

More PRO benefits are being built all the time!