The paper "Appraising Security Architecture and Design Models" is a great example of coursework on information technology. A security model illustrates the security policy. Security policy entails aa document that effectively describes protection mechanisms for computers. The security policy entails a security statement of expectations of the system. The security model explains the entities governed through the policy; and illustrates rules that form part of the policy (Jonathan, 2008). There are various examples of security models: First, models that illustrate policies for integrity (Clark-Wilson) and confidentiality (Bell-LaPadula). Second, models applying static policies (Bell-LaPadula) and dynamic policies (Chinese Wall); and third, models which are informal (Clark-Wilson) and formal (Bell-LaPadula). The Bell-LaPuda Confidentiality Model involves the initial mathematical model with a security policy that is multilevel.
The model illustrates a secure state machine, methods of access, and rules of access. The model ensures that users with appropriate clearances (confidential, top-secret, and secret) are adequately authenticated. The model operates on two major rules; the subject cannot access data found at higher levels of security, and a subject cannot pass information to lower levels of security (Zellan, 2003).
The Clark-Wilson Integrity Model describes the integrity of the given information. The model divides data into two: constrained data items that should be effectively protected and unconstrained data items that require less protection (Zellan, 2003). The model prevents unauthorized individuals from further modification of the system. The separation of duties also limits authorized users from initiating improper modifications. The model has effective transactions; which ensure both internal and external consistency. The Chinese Wall Model ensures access controls which effectively changes, in accordance with the previous actions of the user.
The main purpose of the Chinese Wall Model is to safeguard against user’ s conflict of interests, during access attempts (Jonathan, 2008). No information is allowed to flow between the subjects and the objects, in a manner resulting in a conflict of interest. The subject can only write on an object, only if the subject is unable to read another object in different sets of data. A security model is responsible for mapping policy’ s abstract goals to the information system through specifying the explicit data structures that are required to implement the security policy (Cashell et al, 2004).
The security model is normally illustrated using analytical and mathematical concepts, which are mapped to the specifications of the systems, and developed through the programming code.