List the Computer Security Hybrid Policies and explain.
Computer Security Hybrid Policies
Hybrid security policies combine elements of different security models to balance
confidentiality, integrity, and availability (CIA) in computer systems. These
policies integrate the strengths of traditional models to provide better security in
complex environments.
Types of Hybrid Security Policies
1. Chinese Wall Model (Brewer-Nash Model)
Combination of: Mandatory Access Control (MAC) & Role-Based Access
Control (RBAC).
Purpose: Prevents conflicts of interest by restricting access to sensitive data
based on past interactions.
Example: A financial consultant who works with Company A cannot access
Company B’s data if both companies are competitors.
2. Graham-Denning Model
Combination of: Access Control List (ACL) & Discretionary Access Control
(DAC).
Purpose: Defines rules for object creation, deletion, access rights transfer,
and delegation.
Example: A system administrator in an organization can create user
accounts, assign privileges, and revoke access when necessary.
3. Bell-LaPadula (BLP) + Biba Model
Combination of: BLP (Confidentiality) & Biba (Integrity).
Purpose: Enforces both data confidentiality and integrity by restricting
read/write access.
Example: A military system ensures that a lower-ranking officer cannot read
top-secret files (BLP) and prevents them from modifying high-security data
(Biba).
4. Lattice-Based Access Control (LBAC)
Combination of: Mandatory Access Control (MAC) & Multi-Level Security
(MLS).
Purpose: Uses security levels to control data access and ensure information
flow restrictions.
Example: In a government system, employees can access documents based
on security clearance levels, such as Confidential, Secret, and Top Secret.
5. Clark-Wilson + RBAC Model
Combination of: Clark-Wilson Model (Integrity) & Role-Based Access
Control (RBAC).
Purpose: Enforces data integrity using role-based restrictions and
authorized transactions.
Example: In a hospital system, only doctors can update medical records,
while nurses can only read them.
Conclusion
Hybrid security policies enhance traditional models by incorporating multiple
security principles. These policies are essential in finance, healthcare, military,
and corporate environments where both data confidentiality and integrity are
crucial.
Computer Security Hybrid Policies
Introduction
Hybrid security policies combine multiple security models to achieve a balance
between confidentiality, integrity, and availability (CIA) in computer systems.
These policies integrate the strengths of different models to provide better
protection against unauthorized access, data corruption, and security breaches.
Many real-world systems require security measures that address multiple
concerns, such as preventing unauthorized disclosure of information
(confidentiality) while also ensuring that data remains accurate and unaltered
(integrity). Hybrid policies help achieve these goals by blending features from
various security models.
Key Hybrid Security Policies
1. Chinese Wall Model (Brewer-Nash Model)
Concept:
Combines Mandatory Access Control (MAC) and Role-Based Access
Control (RBAC).
Prevents conflicts of interest by restricting access to sensitive data based on
an individual’s past activities.
How It Works:
If a user accesses data from one organization, they are prevented from
accessing competing organizations’ data.
It dynamically updates access rights based on what the user has already
accessed.
Real-World Example:
A financial consultant working with Company A cannot access Company B’s
records if both companies are competitors. This ensures that the consultant
does not use confidential information unfairly.
2. Graham-Denning Model
Concept:
Combines Access Control List (ACL) and Discretionary Access Control
(DAC).
Defines rules for creating, deleting, and controlling access to objects in a
system.
How It Works:
Provides eight primitive protection rights, including:
1. Create object – Users can generate new files or databases.
2. Delete object – Users can remove files they own.
3. Create subject – Admins can add new users to a system.
4. Delete subject – Admins can revoke user accounts.
5. Read access – Users can view files.
6. Grant access rights – Privileged users can delegate rights to others.
7. Delete access rights – Admins can revoke permissions.
8. Transfer access rights – Users can pass permissions to others.
Real-World Example:
A system administrator in an organization can create user accounts, assign
permissions to employees, and revoke access when necessary.
3. Bell-LaPadula (BLP) + Biba Model
Concept:
A combination of Bell-LaPadula (Confidentiality Model) and Biba (Integrity
Model).
Enforces both data confidentiality and data integrity in secure systems.
How It Works:
Bell-LaPadula Model:
o Ensures confidentiality using “no read-up, no write-down” rules:
   No Read Up (Simple Security Property): Users can only read data at their
   security level or lower.
   No Write Down (Star Property, *-Property): Users cannot write to lower
   security levels.
Biba Model:
o Ensures integrity using “no read-down, no write-up” rules:
   No Read Down: Prevents high-level users from reading low-integrity data.
   No Write Up: Prevents low-integrity users from modifying high-integrity
   data.
Real-World Example:
Military or Government Systems:
o A classified military document can only be accessed by users with the
appropriate security clearance (BLP).
o To maintain data integrity, a high-ranking officer cannot be influenced
by low-integrity sources (Biba).
4. Lattice-Based Access Control (LBAC)
Concept:
Combines Mandatory Access Control (MAC) with Multi-Level Security
(MLS).
Uses a hierarchical structure where each user has a defined level of access.
How It Works:
Access control decisions are based on security labels assigned to users and
objects.
Users can only access data at their security clearance level or below.
Real-World Example:
Government agencies:
o Employees have clearance levels such as Confidential, Secret, and
Top Secret.
o A "Secret" level employee can read "Confidential" data but not Top
Secret data.
5. Clark-Wilson Model + Role-Based Access Control (RBAC)
Concept:
A combination of Clark-Wilson Model (Data Integrity) and Role-Based
Access Control (RBAC).
Enforces data integrity by ensuring only authorized users can modify data.
How It Works:
Uses Well-Formed Transactions: Data modifications must be performed
through authorized programs to prevent corruption.
Separation of Duties: Different roles have different permissions to prevent
fraud.
Real-World Example:
Hospital Information System:
o Doctors can update patient records, but nurses can only read them.
o Pharmacists can dispense medication but cannot modify patient
diagnoses.
Advantages of Hybrid Security Policies
Feature | Benefit
Combines Strengths | Provides confidentiality, integrity, and access control.
Prevents Conflicts of Interest | Ensures users do not misuse access for competitive advantage.
Flexible & Adaptive | Can be customized for different industries and security needs.
Protects Sensitive Information | Prevents unauthorized disclosure and modification of critical data.
Conclusion
Hybrid security policies offer a comprehensive approach to computer security by
integrating multiple security models. They provide a more robust and flexible
security framework for organizations handling sensitive information in fields such
as finance, healthcare, military, and corporate environments.
By combining different models, hybrid policies ensure confidentiality, integrity,
and access control, making them essential for modern cybersecurity strategies.
Computer Security Integrity Policies
Introduction
Integrity policies in computer security ensure that data remains accurate,
consistent, and unaltered by unauthorized users. These policies protect
information from corruption, accidental modifications, and malicious alterations.
Integrity is a crucial component of the CIA Triad (Confidentiality, Integrity,
Availability) and is essential in fields such as banking, healthcare, government,
and cybersecurity.
Objectives of Integrity Policies:
✅ Prevent unauthorized modification of data.
✅ Maintain data consistency and accuracy.
✅ Ensure data is reliable for decision-making.
✅ Protect data from malicious attacks (e.g., malware, insider threats).
Types of Computer Security Integrity Policies
1. Biba Integrity Model (Strict Integrity Policy)
Concept:
Focuses on data integrity by preventing unauthorized changes.
Uses a hierarchical access model where high-integrity levels cannot be
influenced by lower levels.
Key Rules:
Simple Integrity Axiom (No Read Down): Users cannot read data from
lower integrity levels to avoid contamination.
Star Integrity Axiom (No Write Up): Users cannot write to higher integrity
levels to prevent low-trust users from modifying critical data.
Real-World Example:
Financial Transactions: A bank teller can view customer transactions but
cannot modify account balances, ensuring accurate financial records.
2. Clark-Wilson Integrity Model
Concept:
Ensures data integrity through well-formed transactions and separation of
duties (SoD).
Prevents unauthorized data modification by enforcing controlled access.
Key Principles:
Well-Formed Transactions: Users cannot modify data directly; they must
use authorized applications.
Separation of Duties (SoD): Different roles have different levels of access to
prevent fraud.
Access Control Triple:
o Unconstrained Data Items (UDIs): Data that users can modify.
o Constrained Data Items (CDIs): Data protected by security policies.
o Transformation Procedures (TPs): Authorized programs that modify
CDIs securely.
Real-World Example:
E-Commerce Transactions: Customers cannot directly modify their order
records; only authorized systems and employees can update orders through
proper channels.
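The e-commerce case above as an added Python sketch (not code from any real system): order records are the CDIs, three functions are the TPs, and `run_tp` is the only path that writes them. The roles, TP names and the refund workflow are assumptions made for the example.

```python
# Added illustration of Clark-Wilson enforcement; all names are hypothetical.

class IntegrityError(Exception):
    """Raised when a TP or the IVP rejects a change to a CDI."""

ORDERS = {}  # CDIs: order_id -> order record, changed only through run_tp()
AUDIT = []   # append-only log of every attempted TP run

def place_order(user, order, qty, unit_price_cents):
    # qty and unit_price_cents are UDIs (untrusted input): validate before use.
    if order is not None:
        raise IntegrityError("order already exists")
    if type(qty) is not int or type(unit_price_cents) is not int:
        raise IntegrityError("quantity and price must be integers")
    return {"owner": user, "qty": qty, "unit_price_cents": unit_price_cents,
            "total_cents": qty * unit_price_cents, "status": "placed",
            "refund_requested_by": None}

def request_refund(user, order):
    if order is None or order["status"] != "placed":
        raise IntegrityError("only a placed order can be refunded")
    return {**order, "status": "refund_requested", "refund_requested_by": user}

def approve_refund(user, order):
    if order is None or order["status"] != "refund_requested":
        raise IntegrityError("no refund request to approve")
    if order["refund_requested_by"] == user:
        # Separation of duties: requester and approver must be different people.
        raise PermissionError("requester cannot approve their own refund")
    return {**order, "status": "refunded"}

# Which role may run which TP; anything not listed is denied.
ALLOWED = {("customer", place_order), ("clerk", request_refund),
           ("manager", approve_refund)}

def ivp(order):
    """Integrity verification procedure: is this CDI in a valid state?"""
    return (order["qty"] > 0 and order["unit_price_cents"] >= 0
            and order["total_cents"] == order["qty"] * order["unit_price_cents"]
            and order["status"] in {"placed", "refund_requested", "refunded"})

def run_tp(user, role, tp, order_id, **udi):
    """Authorise, run the TP on a copy, verify the result, then commit."""
    outcome = "denied"
    try:
        if (role, tp) not in ALLOWED:
            raise PermissionError(f"{role} may not run {tp.__name__}")
        outcome = "rejected"
        current = ORDERS.get(order_id)
        new = tp(user, dict(current) if current else None, **udi)
        if not ivp(new):
            raise IntegrityError("result fails integrity verification")
        ORDERS[order_id] = new  # commit only after the IVP passes
        outcome = "ok"
        return new
    finally:
        AUDIT.append((user, role, tp.__name__, order_id, outcome))

if __name__ == "__main__":
    run_tp("carol", "customer", place_order, "o1", qty=2, unit_price_cents=500)
    run_tp("erin", "clerk", request_refund, "o1")
    run_tp("frank", "manager", approve_refund, "o1")
    print(ORDERS["o1"]["status"], AUDIT)
```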
3. Data Integrity Through Cryptographic Hashing
Concept:
Uses cryptographic techniques to detect data modifications.
A hash function generates a unique fingerprint (hash) of data. If the hash
changes, the data has been tampered with.
Key Techniques:
SHA-256 (Secure Hash Algorithm): Used for data verification in blockchain
and digital signatures.
MD5/SHA Checksums: Used to verify file integrity after downloads or
transfers.
Real-World Example:
Blockchain Transactions: Bitcoin transactions use cryptographic hashing to
ensure that past transactions remain unaltered and verifiable.
4. Integrity Monitoring with Checksums and Digital Signatures
Concept:
Checksums and digital signatures help detect unauthorized changes to files
or messages.
Digital signatures provide authentication, non-repudiation, and integrity
verification.
Key Techniques:
Message Authentication Code (MAC): Ensures messages are not altered in
transit.
Public Key Infrastructure (PKI): Uses digital certificates to validate file
integrity.
Real-World Example:
Software Updates: Operating systems (e.g., Windows, macOS) use digital
signatures to verify software updates and prevent the installation of
tampered files.
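An added Python example (not from the original notes) contrasting the two techniques in sections 3 and 4: a bare SHA-256 checksum catches a modified file only while the published checksum itself is trustworthy, whereas a keyed MAC also catches the case where file and tag are replaced together. The key and payloads are constructed sample values.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Unkeyed fingerprint: anyone can recompute it for any data."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, published_hex: str) -> bool:
    return hmac.compare_digest(sha256_hex(data), published_hex)


def make_tag(key: bytes, data: bytes) -> str:
    """Keyed fingerprint (HMAC-SHA256): requires the shared secret key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, data: bytes, tag_hex: str) -> bool:
    # compare_digest avoids leaking how many leading characters matched.
    return hmac.compare_digest(make_tag(key, data), tag_hex)


def scenario() -> dict:
    """Constructed update file, verified after three kinds of change."""
    key = b"constructed-demo-key"                 # sample value, not a real secret
    original = b"update-1.0 payload (constructed sample)"
    modified = b"update-1.0 payload (modified in transit)"

    published = sha256_hex(original)
    tag = make_tag(key, original)

    # Someone without the key can still recompute a checksum or guess a tag.
    replaced_checksum = sha256_hex(modified)
    forged_tag = make_tag(b"some other key", modified)

    return {
        "original_passes_checksum": verify_checksum(original, published),
        "original_passes_mac": verify_tag(key, original, tag),
        # File changed, published checksum intact: detected.
        "checksum_detects_modified_file": not verify_checksum(modified, published),
        # File and checksum replaced together: NOT detected by a bare hash.
        "checksum_detects_joint_replacement":
            not verify_checksum(modified, replaced_checksum),
        # File and tag replaced together without the key: detected.
        "mac_detects_joint_replacement": not verify_tag(key, modified, forged_tag),
    }


if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```

MD5, listed above for checksums, only guards against accidental corruption; collisions can be produced for it deliberately, so it should not be relied on against tampering.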
5. Database Integrity Policies (ACID Properties)
Concept:
Ensures data integrity in databases by following ACID (Atomicity,
Consistency, Isolation, Durability) principles.
Key Principles:
Atomicity: Ensures transactions are fully completed or not executed at all.
Consistency: Maintains data validity before and after transactions.
Isolation: Prevents interference from other transactions.
Durability: Ensures that completed transactions remain stored
permanently.
Real-World Example:
Online Banking Transactions: A fund transfer should either complete fully
or not occur at all to prevent incorrect balances.
6. Role-Based Access Control (RBAC) for Data Integrity
Concept:
Uses roles and permissions to control data access.
Limits who can read, modify, or delete critical information.
Key Principles:
Least Privilege: Users receive the minimum access necessary to perform
their job.
Separation of Duties: Prevents a single user from executing high-risk
actions alone.
Real-World Example:
Healthcare Records: Doctors can update patient records, but nurses can
only read them to prevent accidental data modification.
7. Write-Once, Read-Many (WORM) Storage for Data Integrity
Concept:
WORM technology prevents modifications to stored data.
Used in compliance-driven industries where data must remain unchanged.
Real-World Example:
Legal Documents & Financial Records: Financial firms store compliance
documents on WORM drives to prevent tampering.
Comparison of Integrity Policies
Integrity Policy | Main Goal | Prevention Method | Example
Biba Model | Prevents data corruption | No read down, no write up | Banking transactions
Clark-Wilson Model | Ensures authorized data modifications | Well-formed transactions, separation of duties | E-commerce transactions
Cryptographic Hashing | Verifies data integrity | Hash functions (SHA-256, MD5) | Blockchain transactions
Checksums & Digital Signatures | Detects unauthorized changes | Message Authentication Codes (MAC), PKI | Secure software updates
ACID Principles (Databases) | Maintains database integrity | Atomicity, Consistency, Isolation, Durability | Online banking transactions
RBAC (Access Control) | Restricts unauthorized modifications | Role-based access control | Healthcare records
WORM Storage | Prevents data tampering | Write-once, read-many (WORM) | Financial records
Importance of Integrity Policies in Cybersecurity
🔹 Prevents Data Tampering: Ensures that critical data remains unchanged.
🔹 Protects Against Insider Threats: Restricts unauthorized access and
modifications.
🔹 Enhances Trust & Compliance: Organizations follow legal regulations (e.g.,
HIPAA, GDPR).
🔹 Ensures Reliable Decision-Making: Data remains accurate, consistent, and
trustworthy.
Conclusion
Integrity policies play a vital role in protecting digital assets from corruption,
unauthorized modifications, and cyber threats. Models like Biba, Clark-Wilson,
ACID, and RBAC help ensure data reliability across various industries such as
finance, healthcare, government, and cybersecurity.
Implementing cryptographic hashing, access controls, and integrity monitoring
strengthens security and ensures trustworthy data for decision-making.
Real-Time Example of the Biba Integrity Model in Action
Let’s see how the Biba Integrity Model (Strict Integrity Policy) applies in real-
world scenarios using a bank's financial system as an example.
📌 Scenario: Banking System Security
Actors Involved:
Bank Manager (High Integrity - Level 3)
Bank Teller (Medium Integrity - Level 2)
Customer (Low Integrity - Level 1)
System Security Rules Based on Biba Model:
User Role | Allowed Actions | Restricted Actions | Integrity Level
Bank Manager | Read & write financial records | Cannot access unverified customer logs | High (Level 3)
Bank Teller | Read customer account balances | Cannot modify high-integrity reports | Medium (Level 2)
Customer | View personal account details | Cannot modify account balance | Low (Level 1)
💻 How the Biba Model Works in Real-Time:
🟢 Step 1: A Customer Requests a Loan Application
The customer (Low Integrity - Level 1) logs into the online banking system.
The system allows the customer to view their account balance but not
modify it.
The customer submits a loan request, which goes into a pending queue.
✅ Allowed (Read-Only Access) – The customer can read their balance but cannot
alter any bank records.
❌ Not Allowed (No Write Up) – The customer cannot modify the bank's loan
approval system.
🟡 Step 2: A Bank Teller Processes the Loan Request
The bank teller (Medium Integrity - Level 2) reviews the customer's loan
request.
The teller can update the loan request status (approved/rejected) but
cannot modify financial audit records.
The teller follows a predefined process (Transformation Procedure - Clark-
Wilson Model) to ensure data accuracy.
✅ Allowed: The teller can review, approve, or reject the loan request.
❌ Not Allowed (No Write Up): The teller cannot modify financial reports stored at
Level 3 (High Integrity).
🔴 Step 3: A Bank Manager Audits Financial Reports
The bank manager (High Integrity - Level 3) reviews approved loans and
financial audits.
The manager cannot access low-integrity customer logs directly to prevent
data contamination (No Read Down Rule).
Only verified financial reports and logs from Level 3 sources can be
reviewed.
✅ Allowed: The manager can update high-integrity financial records.
❌ Not Allowed (No Read Down): The manager cannot read unverified loan
applications directly from Level 1 (customer level).
🚀 How the Biba Model Protects the Banking System
✅ Prevents Data Corruption → Customers cannot modify financial records.
✅ Maintains Trustworthiness → Only authorized personnel can update high-
integrity data.
✅ Ensures Secure Workflows → Employees follow a structured data processing
flow.
🔐 Other Real-World Examples of the Biba Model
1️⃣ Healthcare Records (Electronic Medical Records - EMR)
Doctor (High Integrity): Can update patient prescriptions.
Nurse (Medium Integrity): Can read patient records but cannot modify
prescriptions.
Receptionist (Low Integrity): Can schedule appointments but cannot access
medical records.
2️⃣ Industrial Control Systems (ICS) - Power Grid Management
Power Grid Engineer (High Integrity): Can modify system configurations.
Supervisor (Medium Integrity): Can monitor but not alter system controls.
Public User (Low Integrity): Can view power outage updates but cannot
change grid settings.
Conclusion
The Biba Integrity Model (Strict Policy) is crucial in banking, healthcare,
industrial control, and government systems. By enforcing "No Read Down" and
"No Write Up", it ensures that critical data remains protected from corruption
and unauthorized access while maintaining a secure workflow.
In computer security, confidentiality policies ensure that sensitive data is
accessed only by authorized individuals and prevent unauthorized disclosure.
Here are some common types of confidentiality policies:
1. Discretionary Access Control (DAC)
Users or owners of data determine access permissions.
Example: A file owner sets read/write permissions for other users.
Used in: Windows and Linux file systems.
2. Mandatory Access Control (MAC)
Access is controlled by a central authority based on security labels (e.g.,
classified, secret, top-secret).
Users cannot modify permissions.
Used in: Military, government, and high-security environments.
3. Role-Based Access Control (RBAC)
Access is granted based on a user's role within an organization.
Reduces administrative overhead by grouping users with similar privileges.
Used in: Corporate IT systems, enterprise applications.
4. Attribute-Based Access Control (ABAC)
Access is granted based on attributes such as user location, time, and device
type.
More flexible than RBAC.
Used in: Cloud computing, modern enterprise security.
5. Need-to-Know Policy
Users are granted access only to the information necessary to perform their
job.
Used in: Intelligence agencies, financial institutions.
6. Least Privilege Policy
Users and applications receive the minimum access required to perform
tasks.
Helps reduce risks from insider threats or malware.
Used in: Corporate networks, government agencies.
7. Data Classification Policy
Data is classified into categories (e.g., public, confidential, highly sensitive)
to control access accordingly.
Used in: Healthcare (HIPAA compliance), finance, legal sectors.
8. Encryption Policy
Requires encryption of sensitive data at rest and in transit to prevent
unauthorized access.
Used in: Cloud storage, banking transactions, email security.
Each organization may implement multiple confidentiality policies depending on
its security needs.
Introduction
The Chinese Wall security policy describes how to reach these goals. It is a
commercial security policy that focuses more on confidentiality. The Chinese Wall
security policy is perhaps as significant to some parts of the commercial world as
Bell and LaPadula’s policies are to the military.
It can be distinguished from Bell-LaPadula policies by the way that a user’s
permitted accesses are constrained by the history of his previous accesses. The
Chinese Wall security policy was identified by Brewer and Nash. It is a real
commercial policy which can be formally modelled. Its basic idea is to keep
company information confidential and protect it from unauthorized access by
consulting services.
Chinese Wall Model Policy
All corporate information is stored in a hierarchically arranged filing system. It
consists of three levels:
At the lowest level, individual items of information (objects) are considered,
each concerning a single corporation.
At the intermediate level, all objects which concern the same corporation are
grouped into a company dataset.
At the highest level, all company datasets whose corporations are in competition
are grouped together. Each group is referred to as a conflict of interest class.
Associated with each object is the name of the company dataset to which it
belongs and the name of the conflict of interest class to which that company
dataset belongs.
If the system maintained information on Bank-A, Oil Company-A and Oil
Company-B:
All objects would belong to one of three company datasets (“Bank-A”, “Oil
Company-A” or “Oil Company-B”).
There would be two conflict of interest classes, one for banks (containing
Bank-A’s dataset) and one for petroleum companies (containing Oil Company-A’s
and Oil Company-B’s datasets).
The basis of the Chinese Wall policy is that people are only allowed access to
information which is not held to conflict with any other information that they
already possess.
Thus, in consideration of the Bank-A, Oil Company-A and Oil Company-B datasets,
a new user may freely choose to access whatever datasets he likes; as far as the
computer is concerned, a new user does not possess any information and
therefore no conflict can exist.
Suppose the user accesses the Oil Company-A dataset first. The user now possesses
information concerning the Oil Company-A dataset. Later, he requests access to
the Bank-A dataset. This is quite permissible since the Bank-A and Oil Company-A
datasets belong to different conflict of interest classes and therefore no conflict
exists.
However, if he requests access to the Oil Company-B dataset, the request must be
denied since a conflict does exist between the requested dataset (Oil Company-B)
and one already possessed (Oil Company-A).
It does not matter whether the Oil Company-A dataset was accessed before or
after the Bank-A dataset. However, were Oil Company-B to be accessed before the
request to access the Oil Company-A dataset, the restrictions would be quite
different. In this case access to the Oil Company-A dataset would be denied and
the user would possess {“Oil Company-B”, “Bank-A”} (as opposed to the request
to access the Oil Company-B dataset being denied and the user possessing {“Oil
Company-A”, “Bank-A”}).
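The Bank-A / Oil Company walkthrough above as an added Python sketch (not part of the original notes), showing how the decision depends on the user's access history and on the order of requests. Class and function names are hypothetical, and only the access rule the text describes is modelled.

```python
# Added illustration of the Chinese Wall rule; names are hypothetical.

# Conflict-of-interest classes and their company datasets (the text's example).
CONFLICT_CLASSES = {
    "banks": {"Bank-A"},
    "petroleum": {"Oil Company-A", "Oil Company-B"},
}
# Reverse index: company dataset -> conflict-of-interest class.
CLASS_OF = {ds: coi for coi, members in CONFLICT_CLASSES.items() for ds in members}


class ChineseWall:
    """Tracks which datasets each user already possesses and decides requests."""

    def __init__(self):
        self.history = {}  # user -> set of datasets accessed so far

    def possessed(self, user):
        return frozenset(self.history.get(user, ()))

    def may_access(self, user, dataset):
        coi = CLASS_OF.get(dataset)
        if coi is None:
            return False  # unlabelled dataset: deny by default
        # Deny if the user holds a *different* dataset in the same class.
        return all(held == dataset or CLASS_OF[held] != coi
                   for held in self.history.get(user, ()))

    def access(self, user, dataset):
        """Decide the request and, if granted, record it in the user's history."""
        if not self.may_access(user, dataset):
            return False
        self.history.setdefault(user, set()).add(dataset)
        return True


def replay(requests, user="consultant"):
    """Run a request sequence for one new user; return decisions and final set."""
    wall = ChineseWall()
    decisions = [(ds, wall.access(user, ds)) for ds in requests]
    return decisions, wall.possessed(user)


if __name__ == "__main__":
    # Same three datasets, two different orders, two different outcomes.
    for order in (["Oil Company-A", "Bank-A", "Oil Company-B"],
                  ["Oil Company-B", "Bank-A", "Oil Company-A"]):
        decisions, held = replay(order)
        print(decisions, sorted(held))
```

Because a denial depends on stored history, that history has to be kept per user and protected from modification; clearing it would remove the wall.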
Chinese Wall Model in WWW
To realize the Chinese Wall security policy we need user labels that contain
information about the user’s identity and objects already accessed by him. We
require mechanisms that reliably provide authentication and authorization by user
profiles that support an interface to software run in the world wide web.
Bell-LaPadula Model: No Read Up, No Write Down
Scenario: A government agency with classified data. Security levels are:
Top Secret
Secret
Confidential
Unclassified
Roles:
Alice: Security Clearance - Secret
Bob: Security Clearance - Unclassified
Data:
Document A: Marked "Top Secret" (Contains highly sensitive intelligence)
Document B: Marked "Secret" (Contains operational planning information)
Document C: Marked "Unclassified" (Publicly available information)
Example of "No Read Up":
Alice (Secret Clearance) can read Document B (Secret) and Document C
(Unclassified).
Alice cannot read Document A (Top Secret) because her clearance level is
not high enough. This prevents her from accessing information she's not
authorized to see.
Bob (Unclassified Clearance) can only read Document C (Unclassified).
Bob cannot read Document A or Document B.
Example of "No Write Down":
Alice (Secret Clearance) can create a new document at the Secret level
or higher (e.g., Top Secret). However, this requires discretionary access
control permission.
Alice cannot write information from Document B (Secret) into Document C
(Unclassified). This prevents her from downgrading the classification of
sensitive information. She can't copy/paste, summarize, or otherwise
transfer Secret information into an Unclassified document.
Why is "No Write Down" Important?
Imagine Alice reads Document B (Secret) about a planned military operation. If
she could then write that information into Document C (Unclassified), Bob (who
only has Unclassified clearance) could read about the operation, leading to a
security breach.
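The Alice/Bob scenario above, and the BLP + Biba combination described earlier, as an added Python example (not from the original notes). It evaluates each request under Bell-LaPadula alone and under both models together; the integrity labels given to Alice, Bob and the documents are assumptions, since the scenario defines only clearances.

```python
from dataclasses import dataclass

# Confidentiality levels from the scenario, lowest to highest.
CONF = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}
# Integrity levels, lowest to highest (assumed for this example).
INTEG = {"Low": 0, "Medium": 1, "High": 2}


@dataclass(frozen=True)
class Label:
    conf: str   # confidentiality level (clearance or classification)
    integ: str  # integrity level


def blp_violation(subj, obj, op):
    s, o = CONF[subj.conf], CONF[obj.conf]
    if op == "read" and s < o:
        return "BLP: no read up"
    if op == "write" and s > o:
        return "BLP: no write down"
    return None


def biba_violation(subj, obj, op):
    s, o = INTEG[subj.integ], INTEG[obj.integ]
    if op == "read" and s > o:
        return "Biba: no read down"
    if op == "write" and s < o:
        return "Biba: no write up"
    return None


CHECKS = {"blp": blp_violation, "biba": biba_violation}


def decide(subj, obj, op, models=("blp", "biba")):
    """Return (allowed, reasons); every selected model must permit the access."""
    if op not in ("read", "write"):
        raise ValueError(f"unknown operation: {op}")
    reasons = [r for m in models if (r := CHECKS[m](subj, obj, op))]
    return (not reasons, reasons)


# Clearances and markings are the scenario's; integrity levels are assumed.
SUBJECTS = {"Alice": Label("Secret", "Medium"), "Bob": Label("Unclassified", "Low")}
OBJECTS = {
    "Document A": Label("Top Secret", "High"),
    "Document B": Label("Secret", "Medium"),
    "Document C": Label("Unclassified", "Low"),
}


def check(user, doc, op, models=("blp", "biba")):
    return decide(SUBJECTS[user], OBJECTS[doc], op, models)


if __name__ == "__main__":
    for user in SUBJECTS:
        for doc in OBJECTS:
            for op in ("read", "write"):
                print(user, op, doc, "| BLP only:", check(user, doc, op, ("blp",)),
                      "| BLP + Biba:", check(user, doc, op))
```

With these labels, adding Biba removes two accesses that BLP alone permits: Alice writing up into Document A and Alice reading down from Document C.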
Biba Model: No Write Up, No Read Down
The Biba model focuses on integrity, meaning data accuracy and reliability.
Scenario: A software development company where different levels of
developers have different levels of trust. Integrity levels are:
High Integrity (Core System Code)
Medium Integrity (Important Modules)
Low Integrity (Experimental Code)
Roles:
Senior Developer: Integrity Level - High
Junior Developer: Integrity Level - Low
Code:
Module X: Marked "High Integrity" (Critical system component)
Module Y: Marked "Low Integrity" (Experimental feature)
Example of "No Write Up":
The Junior Developer (Low Integrity) cannot modify Module X (High
Integrity). This prevents them from accidentally or maliciously introducing
errors into critical code.
The Senior Developer (High Integrity) can modify Module X (High Integrity).
Example of "No Read Down":
The Senior Developer (High Integrity) can read both Module X (High
Integrity) and Module Y (Low Integrity).
The Junior Developer (Low Integrity) cannot read Module X (High Integrity).
This is because reading low integrity data is not allowed. If the Junior
Developer sees the High Integrity data, it compromises the system's
integrity.
Why is "No Read Down" Important?
In the Biba model, reading lower integrity data by someone with higher integrity
is not allowed, because the integrity of the lower level data is not ensured.