* 7 *

Security models

  1. Explain the difference between a security model and a security policy. A security model tells us which concepts and features are available for discussing security. A security policy is a political manifesto for how to define and deal with security breaches, using the tools and ideas from the model.
  2. What are the four basic areas that a complete model of security must cover? Explain why it would be difficult to provide a description of total security. Privacy, integrity, authentication and trust. It is difficult to discuss things like trust without reference to specific examples. How does one model trust?
  3. Explain why host configuration is an important issue in security. If the host has been compromised then there can be no security. If the host doesn't work, it is meaningless to speak of its security. We can configure hosts correctly and incorrectly, securely and insecurely.
  4. What is meant by a finite state machine? Give some examples of systems which can be thought of as finite state machines. A system whose overall state can be described by the coordinates in some N-dimensional lattice. Any digital computer system can be described as a finite state machine (called a Turing machine). For instance, a disk filesystem is an FSM, where the states are the ownerships and permission bits on the files.
  5. Describe briefly the Bell-LaPadula model. What are its limitations? What other models have attempted to generalize this model? See notes. File permissions, security levels, secure transitions. Does not address changes in permissions. Has obviously insecure states. Does not address the issue of integrity.