Classic security models form the foundation of information security, helping organizations control access to sensitive data and preserve its confidentiality, integrity, and availability. These models were developed decades ago for military, government, and enterprise systems, and their principles still shape modern access control. Below is a practical overview of the classic models that matter most for CISSP, with examples pitched at senior management.
What Are Classic Security Models?
Classic security models are formal frameworks that guide how information is protected within computers and organizations, focusing on who can access data and what actions they can perform. Think of these models as “rules of the road” for data access and protection, helping prevent information leaks, tampering, and fraud.
The Bell-LaPadula Model
Origins and Purpose
Developed in the early 1970s by David Elliott Bell and Leonard J. LaPadula for the U.S. Department of Defense, the Bell-LaPadula model is concerned only with confidentiality: keeping secrets from reaching people who are not cleared to see them. Every subject (a user or a process acting for one) carries a clearance and every object (a file, message, or database record) carries a classification, and the model's rules compare the two.
Main Rules (With Examples)
- No Read Up ("Simple Security Property"): A subject may read objects at its own security level or lower, never higher. Someone cleared for "Confidential" cannot open a "Top Secret" file. Note that the comparison is between the user's clearance and the document's label, not organizational rank: a manager is barred from the CEO's mail only if that mail carries a label above the manager's clearance.
- No Write Down ("Star Property", written *-property): A subject may write only to objects at its own level or higher, never lower. This is what stops a "Top Secret" user from copying classified content, deliberately or by accident, into a less protected area; for instance, Board papers must never be saved into a general company folder. Two refinements are often tested: the Strong Star Property limits writes to exactly the subject's own level (so a lower-cleared user cannot blindly overwrite a higher-classified file), and the Discretionary Security Property adds an ordinary access matrix (who may access which object) on top of the label rules.
Practical Use
Bell-LaPadula remains the reference model for multilevel security in defense and government networks, and the same labelling approach suits any business that classifies documents, such as financial institutions or IP-heavy technology companies. Operating systems that offer mandatory access control (for example the SELinux MLS policy) enforce its rules directly, and a corporate classification scheme such as Public / Internal / Confidential / Restricted is a lightweight application of the same idea to document handling policies.
The Biba Model
Origins and Purpose
Kenneth J. Biba published the Biba model in 1977. Instead of secrecy, Biba addresses integrity: making sure information is accurate and has not been corrupted by less trustworthy sources. Its rules are the mirror image of Bell-LaPadula's, with levels that measure trustworthiness rather than sensitivity.
Main Rules (With Examples)
- No Read Down ("Simple Integrity Property"): A subject may not read data at a lower integrity level, so that untrusted input cannot contaminate trusted processing. Imagine an executive dashboard: the CEO wants reliable figures, so it draws only on verified sources and ignores unvetted notes.
- No Write Up ("Star Integrity Property"): A subject may not write to data at a higher integrity level. Help desk staff, for example, cannot overwrite official HR records, so only authorized personnel make official changes. Biba also defines an Invocation Property: a subject may not invoke (call on) a subject at a higher integrity level, which closes the loophole of getting a more trusted process to perform the write on your behalf.
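Both models reduce to the same lattice comparison applied in opposite directions, which is easiest to see in code. The following Python is an added example, not code from the original article or from any real product; it implements the Bell-LaPadula rules from the earlier section and the Biba rules from this one as a small reference monitor, and the level names, compartments, and subject/object labels are constructed for the demonstration. It also goes slightly beyond the text: `flow_allowed` shows why each model needs its star property (it stops a subject acting as a conduit between levels), and `both_allow` shows that enforcing both models on one label space confines a subject to objects at exactly its own label.

```python
"""Reference-monitor style checker for the Bell-LaPadula and Biba rules (added example,
not code from the article or any real product); level names, compartments and the
subject/object labels below are constructed for the demonstration."""
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Callable, Dict, Tuple


class Level(IntEnum):
    # Ordered levels: a higher value means more sensitive (BLP) or more trusted (Biba).
    LOW = 0
    MEDIUM = 1
    HIGH = 2
    TOP = 3


@dataclass(frozen=True)
class Label:
    level: Level
    compartments: frozenset = field(default_factory=frozenset)  # need-to-know categories

    def dominates(self, other: "Label") -> bool:
        """Lattice ordering shared by both models: level >= and compartments a superset.
        Labels with disjoint compartments are incomparable, so neither dominates."""
        return self.level >= other.level and self.compartments >= other.compartments


def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula: information may only flow upward in the lattice."""
    if op == "read":   # simple security property: no read up
        return subject.dominates(obj)
    if op == "write":  # *-property: no write down
        return obj.dominates(subject)
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba: information may only flow downward in the lattice (the dual of BLP)."""
    if op == "read":   # simple integrity property: no read down
        return obj.dominates(subject)
    if op == "write":  # *-integrity property: no write up
        return subject.dominates(obj)
    raise ValueError(f"unknown operation {op!r}")


Policy = Callable[[Label, Label, str], bool]


def flow_allowed(policy: Policy, subject: Label, src: Label, dst: Label) -> bool:
    """Can `subject` act as a conduit, reading `src` and then writing what it learned
    into `dst`? This is the leak each *-property exists to stop: under BLP the flow is
    possible only if dst dominates src, under Biba only if src dominates dst."""
    return policy(subject, src, "read") and policy(subject, dst, "write")


def both_allow(subject: Label, obj: Label, op: str) -> bool:
    """Enforcing BLP and Biba on one label space collapses to 'same label only': a read
    needs subject >= object for BLP and object >= subject for Biba, so only equal labels
    satisfy both (the same holds for writes)."""
    return blp_allows(subject, obj, op) and biba_allows(subject, obj, op)


def access_matrix(policy: Policy, labels: Dict[str, Label]) -> Dict[Tuple[str, str], str]:
    """Tabulate, for every (subject label, object label) pair, which of r/w the policy allows."""
    return {(s_name, o_name): "".join(op[0] for op in ("read", "write") if policy(s, o, op))
            for s_name, s in labels.items() for o_name, o in labels.items()}


# Constructed sample labels: three plain levels plus two incomparable compartments.
LABELS = {
    "top_secret": Label(Level.TOP),
    "confidential": Label(Level.MEDIUM),
    "unclassified": Label(Level.LOW),
    "top_secret/FIN": Label(Level.TOP, frozenset({"FIN"})),
    "top_secret/HR": Label(Level.TOP, frozenset({"HR"})),
}

if __name__ == "__main__":
    for name, policy in (("Bell-LaPadula", blp_allows), ("Biba", biba_allows)):
        print(name)
        for (s, o), ops in access_matrix(policy, LABELS).items():
            print(f"  subject {s:15} -> object {o:15}: {ops or '-'}")
```

Running the script prints the full read/write matrix for each model. Two things worth noticing in the output: a Confidential subject may write (but not read) a Top Secret object under Bell-LaPadula, which is the "blind write" the Strong Star Property was introduced to forbid, and the two compartmented labels cannot access each other at all because neither dominates the other.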
Practical Use
Banking and healthcare systems use Biba-style controls to keep critical records from being altered by lower-trust sources and to ensure decisions rest on trustworthy data. The most widespread direct implementation is Windows Mandatory Integrity Control, which labels processes and objects Low, Medium, High, or System and by default blocks writes from a lower-integrity process to a higher-integrity object (no write up); sandboxed, internet-facing processes such as browser renderers run at Low or below so that a compromise cannot modify the user's files.
The Clark-Wilson Model
Origins and Purpose
Developed by David D. Clark and David R. Wilson in 1987, the Clark-Wilson model ensures integrity in commercial transactions and business processes, particularly for complex enterprise environments.
Main Rules (With Examples)
- Constrained Data Items (CDIs), the data whose integrity matters, can be changed only through certified Transformation Procedures (TPs); users never edit a CDI directly. Unconstrained Data Items (UDIs), such as raw user input, enter the system only through a TP that validates them first.
- Integrity Verification Procedures (IVPs) confirm that the CDIs are in a valid state, for example that a ledger's balances reconcile, both initially and after TPs have run.
- Separation of duties: each user is bound to the data through access triples (user, TP, CDI) that state which procedures they may run on which data, and the triples are assigned so that, for example, the person who requests a payment is never the one who approves it, preventing fraud.
- Every TP appends to an audit log, so the history of changes is itself a protected data item. The model's requirements are grouped into certification rules (what must be verified about TPs and IVPs) and enforcement rules (what the system must enforce at run time, including the triples and the TP-only path to CDIs).
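How these pieces fit together is clearer in code. The following Python is an added example, not code from the original article or from any real ERP product; it models the invoice-to-payment process the article uses, with constructed user names (clerk, manager), TP names, and ledger contents. The ledger's balance and payment records are the CDIs, the two TPs are the only path to them, an IVP runs after every TP, every attempt (allowed or denied) is written to an append-only audit log, and separation of duties is enforced both statically (no user may hold both the request and the approve triple) and dynamically (a TP refuses self-approval even if the triples were misconfigured).

```python
"""Minimal Clark-Wilson enforcement engine for a payments ledger (added example, not code
from the article or any real ERP product); the user names, TP names and ledger contents
below are constructed for the demonstration."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple


class IntegrityViolation(Exception):
    """Raised whenever a rule of the model would be broken."""


@dataclass
class Payment:
    amount: int
    requested_by: str
    approved_by: Optional[str] = None


@dataclass
class Ledger:  # the CDIs; only certified TPs may modify these fields
    opening_balance: int
    balance: int
    payments: Dict[str, Payment] = field(default_factory=dict)
    audit_log: List[Tuple[str, str, str, str]] = field(default_factory=list)  # append-only


# TPs one user must never hold together on the same CDI (static separation of duties).
CONFLICTING_TPS = {frozenset({"request_payment", "approve_payment"})}


def request_payment(ledger: Ledger, user: str, pid: str, amount: int) -> None:
    """TP: the clerk enters an invoice. `amount` is a UDI (untrusted input), validated first."""
    if not isinstance(amount, int) or amount <= 0:
        raise IntegrityViolation("amount must be a positive integer")
    if pid in ledger.payments:
        raise IntegrityViolation(f"payment {pid} already exists")
    ledger.payments[pid] = Payment(amount=amount, requested_by=user)


def approve_payment(ledger: Ledger, user: str, pid: str) -> None:
    """TP: a manager approves, and the funds are debited in the same well-formed step."""
    payment = ledger.payments.get(pid)
    if payment is None or payment.approved_by is not None:
        raise IntegrityViolation(f"payment {pid} is not awaiting approval")
    if payment.requested_by == user:  # dynamic separation of duties: no self-approval
        raise IntegrityViolation(f"{user} requested {pid} and may not approve it")
    payment.approved_by = user
    ledger.balance -= payment.amount


def ivp(ledger: Ledger) -> bool:
    """IVP: the balance reconciles and no payment was approved by its own requester."""
    approved = [p for p in ledger.payments.values() if p.approved_by is not None]
    return (ledger.balance == ledger.opening_balance - sum(p.amount for p in approved)
            and all(p.approved_by != p.requested_by for p in approved))


class ClarkWilsonMonitor:
    def __init__(self, ledger: Ledger, certified: Dict[str, Callable]) -> None:
        self.ledger = ledger
        self._certified = certified                    # TP name -> TP certified to preserve integrity
        self._triples: Set[Tuple[str, str, str]] = set()  # (user, TP name, CDI name)

    def authorize(self, user: str, tp_name: str, cdi: str) -> None:
        """Grant a (user, TP, CDI) triple unless it would give one user two conflicting TPs."""
        if any(u == user and c == cdi and frozenset({t, tp_name}) in CONFLICTING_TPS
               for u, t, c in self._triples):
            raise IntegrityViolation(f"{user} may not hold {tp_name} together with its conflicting TP on {cdi}")
        self._triples.add((user, tp_name, cdi))

    def run(self, user: str, tp_name: str, cdi: str, *args) -> None:
        """The only route to a CDI: certified TP, matching triple, IVP afterwards, everything logged."""
        try:
            if tp_name not in self._certified:
                raise IntegrityViolation(f"{tp_name} is not a certified TP")
            if (user, tp_name, cdi) not in self._triples:
                raise IntegrityViolation(f"{user} holds no triple for {tp_name} on {cdi}")
            self._certified[tp_name](self.ledger, user, *args)
            if not ivp(self.ledger):
                raise IntegrityViolation(f"{tp_name} left {cdi} in an invalid state")
        except IntegrityViolation as exc:  # denied attempts are evidence too, so log them
            self.ledger.audit_log.append((user, tp_name, cdi, f"denied: {exc}"))
            raise
        self.ledger.audit_log.append((user, tp_name, cdi, "ok"))


def run_scenario() -> dict:
    """Clerk requests, manager approves; each shortcut an insider might try is refused and logged."""
    ledger = Ledger(opening_balance=10_000, balance=10_000)
    monitor = ClarkWilsonMonitor(ledger, {"request_payment": request_payment, "approve_payment": approve_payment})
    monitor.authorize("clerk", "request_payment", "ledger")
    monitor.authorize("manager", "approve_payment", "ledger")
    attempts = [("clerk", "request_payment", ("P1", 2_500)),  # allowed
                ("clerk", "approve_payment", ("P1",)),         # clerk holds no approve triple
                ("manager", "approve_payment", ("P1",)),       # allowed: balance drops to 7500
                ("manager", "edit_balance", (0,)),             # not a certified TP
                ("manager", "approve_payment", ("P1",))]       # already approved
    denied = []
    for user, tp_name, args in attempts:
        try:
            monitor.run(user, tp_name, "ledger", *args)
        except IntegrityViolation as exc:
            denied.append((user, tp_name, str(exc)))
    try:  # static separation of duties: the approver must not also become a requester
        monitor.authorize("manager", "request_payment", "ledger")
    except IntegrityViolation as exc:
        denied.append(("manager", "authorize", str(exc)))
    return {"balance": ledger.balance, "valid": ivp(ledger), "audit_entries": len(ledger.audit_log), "denied": denied}
```

Calling `run_scenario()` walks through the process and returns the final balance, the IVP verdict, the number of audit records, and the list of refused actions. The design point to take away is that nothing in the scenario ever touches `ledger.balance` directly: a user who bypasses the monitor and edits the field is exactly the tampering the IVP detects on the next run, which is why Clark-Wilson pairs well-formed transactions with independent verification rather than relying on either alone.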
Practical Use
Common in accounting, banking, and process-driven industries. ERP systems use Clark-Wilson principles: a purchasing clerk can enter an invoice, but only a manager can approve payment, enforcing checks and balances.
Are These Models Still in Use?
Modern systems often blend features of several models or use newer approaches such as Role-Based Access Control, but the classic models remain the backbone of many regulatory, operational, and technical controls. Bell-LaPadula and Biba are directly reflected in military and government standards and in operating-system mandatory access control, and Clark-Wilson's well-formed transactions and separation of duties underlie the internal-control practices (maker-checker approval, audit trails) that compliance frameworks across industries require.
A Few Real-World Examples
- Military networks: Use Bell-LaPadula to manage document access by clearance.
- Healthcare record systems: Apply Biba so patient data is updated only by verified medical staff.
- Corporate finance systems: Clark-Wilson prevents employees from both initiating and approving payments, stopping internal fraud.
Summary Table
| Model | Main Focus | Key Rules | Developed By | Example Use Case |
|---|---|---|---|---|
| Bell-LaPadula | Confidentiality | No Read Up, No Write Down | Bell & LaPadula (1970s) | Classified government documents |
| Biba | Integrity | No Read Down, No Write Up | Kenneth Biba (1977) | Financial transaction records |
| Clark-Wilson | Integrity and control of change | Well-formed transactions, separation of duties | Clark & Wilson (1987) | ERP and accounting systems |
Conclusion
The classic security models covered by CISSP set the standards for how organizations safeguard information, prevent leaks, and keep operations trustworthy. Their principles remain the foundation on which senior management can build robust, compliant, and resilient systems.