In the world of system architecture and IT policies, one is bound to run into the term “security model.” Well, what does that mean exactly?
Basically, a security model is a way to understand what the security of a system or process looks like: how it is implemented, who has access to it, and what they will actually have access to.
3 Different Base Models
There are different base models you can use to put together a security model. We’ll focus on just three basic ones to start with: State Machine, Information Flow and Noninterference. (Don’t let the terms confuse you – they aren’t referring to any specific technologies or platforms. In fact, if you were bored, you could create a security model for your house, your checking accounts, or even your pets.)
1. State Machine
The State Machine model is the basis of many other security models. It is built from a fixed set of “states” (or options), the transitions between those states, and the actions that may occur as a result. A common way to begin a State Machine model is to make a table like this:
| State Transition | State A | State B |
|------------------|---------|---------|
| Condition 1      |         |         |
| Condition 2      | State A |         |
| Condition 3      |         |         |
Ok, let’s simplify it more and use a real-life example:
| Input       | Locked   | Unlocked |
|-------------|----------|----------|
| Insert coin | Unlocked |          |
| Push Button |          | Locked   |
Now what this is saying is that given the “State” of being Locked, when a coin is entered, the next state it will move to is Unlocked. And then, if it’s currently Unlocked, and the button is Pushed, the next state will be Locked. And round and round we go. Here’s another way to look at this – it’s called a State Diagram:
Each State is represented by a circle, and the transitions between them by the arrows. The arrows are labeled with the inputs that trigger the transition. An input that doesn’t cause a state change loops back onto the current State, as in the case of pushing the button without putting in a coin. How often have we tried that on a vending machine?
With this model, all possible states of the system need to be carefully examined to make sure that all transactions or processes are controlled. If we forgot to describe that we don’t want the door to become unlocked when just pushing the button, we’ve defeated part of the security of the system, right? Exactly.
2. Information Flow
The Information Flow model takes the State Machine model further. It still has States and transitions between them, but it adds a “lattice” or flow policy on top of them. This model is great at preventing unauthorized and/or unsecured information from flowing where it shouldn’t.
Here’s a simple diagram of how it works:
Here we have a User Table that defines whether or not a user can trigger the Unlock state. If the table says the user can, the transition proceeds to Unlock. If no access is defined, the system remains in the Lock state. If User Adam isn’t defined in the User Table as having access, there is nothing he can do to Unlock the system. Hence the goal of this model is achieved: preventing unauthorized (or unsecure) information flow.
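The turnstile model from the State Machine section and the User Table from this section, as an added example that is not part of the original post. The transition table, the exhaustiveness check (every state/input pair must be covered, as the State Machine section argues) and the user-to-input permissions are all constructed here for illustration; `guarded_step` and `USER_TABLE` are hypothetical names, not a real library.

```python
from typing import Dict, FrozenSet, Iterable, List, Tuple

# Constructed turnstile model: two states, two inputs.
STATES: FrozenSet[str] = frozenset({"Locked", "Unlocked"})
INPUTS: FrozenSet[str] = frozenset({"insert_coin", "push_button"})

# Transition table: (current state, input) -> next state.
# An input that causes no change loops back onto the current state.
TRANSITIONS: Dict[Tuple[str, str], str] = {
    ("Locked", "insert_coin"): "Unlocked",
    ("Locked", "push_button"): "Locked",      # push without a coin: stays locked
    ("Unlocked", "insert_coin"): "Unlocked",  # extra coin: stays unlocked
    ("Unlocked", "push_button"): "Locked",    # walk through, then lock again
}

def undefined_transitions(states: Iterable[str], inputs: Iterable[str],
                          table: Dict[Tuple[str, str], str]) -> List[Tuple[str, str]]:
    """Return every (state, input) pair the table does not cover.
    A forgotten pair is a hole in the model: the behaviour is simply unspecified."""
    return sorted((s, i) for s in sorted(states) for i in sorted(inputs)
                  if (s, i) not in table)

def step(state: str, event: str, table: Dict[Tuple[str, str], str] = TRANSITIONS) -> str:
    """Advance one transition; fail closed on an undefined pair instead of guessing."""
    if (state, event) not in table:
        raise ValueError(f"undefined transition: {state!r} on {event!r}")
    return table[(state, event)]

# Information Flow layer (constructed): which inputs each user is allowed to send.
# Adam may push the button but may never trigger the transition to Unlocked.
USER_TABLE: Dict[str, FrozenSet[str]] = {
    "adam": frozenset({"push_button"}),
    "beth": frozenset({"insert_coin", "push_button"}),
}

def guarded_step(state: str, user: str, event: str,
                 users: Dict[str, FrozenSet[str]] = USER_TABLE,
                 table: Dict[Tuple[str, str], str] = TRANSITIONS) -> str:
    """Apply the transition only if the user table permits this user to send this input;
    otherwise the system stays where it is, so no unauthorized flow reaches Unlocked."""
    if event not in users.get(user, frozenset()):
        return state
    return step(state, event, table)

def run(state: str, script: Iterable[Tuple[str, str]]) -> List[str]:
    """Replay a sequence of (user, input) pairs and return every state visited."""
    trace = [state]
    for user, event in script:
        state = guarded_step(state, user, event)
        trace.append(state)
    return trace
```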
3. Noninterference
The Noninterference model takes things to a new level – quite literally. Its goal is to make sure that objects or information on different levels do not interfere with objects or information on other levels. It sets up boundaries that cannot be passed, almost like locking down the elevators and doors to certain floors of a building.
Picture time!
In this (again, simple) example, the Sales users can access Orders and Support can access Cases, but Sales can never access Cases, nor can Support access Orders. This model also implies that each access request is completely independent of any request made on a different level.
Now these three models are the basis for many more, and you can probably start seeing how they all can overlap and create a very detailed Security Model for any system. Remember, having a well-defined Security Model can greatly help you and your team understand how the system currently operates as a whole – and where improvements can be made, too.