Address security, integrity and information flow
- Graham-Denning: Defines the commands that a subject can execute to create or delete an object.
- Noninterference: Prevents covert channels and interference attacks.
- Brewer & Nash
Address security and integrity
- Clark-Wilson
- State Machine: Is concerned with capturing a system’s state and ensuring its security.
- Bell-LaPadula (is a statemachine)
Further Descriptions
- Lipner: Was the first security model to separate objects into data and programs
- Harrison-Ruzzo-Ullman: Comprised of generic rights and a small set of commands