Points to review for CISSP exam, I took some notes from the Eleventh Hours (Eric Conrad), please read that book, this is just some points to remember, no explanation:


Bell-LaPadula Model


Focus: Maintain confidentiality of objects.


Mean: Not allowing users at a lower security levels to access objects in a different level or superior level.




  • Simple Security Property: no read up
  • Security Property: no write down
  • Strong Tranquility Property: security level will not change while the system is operating.
  • Weak Tranquility Property: security labels will not change in a  away that conflicts with define security properties


Lattice-based access controls


For every relationship between subjects and objects they set defined upper and lower access limit inside the system.


This depend of the need of the subjects, the label of the object and the role the subject has been assigned


Biba Model



The militaries focus in confidentiality for that reason Bell-LaPadula works fine, for business integrity is VERY important, Biba address this.




  • Simple Integrity Axiom: no read down. This protects integrity by preventing bad information from moving up from lower integrity levels
  • * Integrity Axiom: no write up: This protect integrity by preventing bad information from moving up to higher levels.




This is a real world integrity model that protects integrity by requiring subjects to access objects via programs.


Clark-Wilson use two primary concepts:


  1. Well formed transaction
  2. Separation of duties

This model implement Integrity-monitoring rules and integrity-preserving rules.


Also use the Access Tripe rule

Chinese Wall Model (Brewer-Nash)


This is designed to avoid conflicts of interest.


You can check the following books: