Answer

Comparison and Contrast of Security Models and Recommendations

The system’s environment and application plays a significant role in establishing extra security requirements. Shostack (2014) argues that a security model is a component of the process of developing secure system. According to to Jacobs and Rudis (2014) and Jin and Shen (2012), the need for downgrading, sanitization, auditing, and exceptional privileges for security officers in charge of the system necessitate the adoption of robust and appropriate security models. In relation to this, this paper compares and contrasts three security models including the Bell-LaPadula, Biba, and Clark-Wilson models after which it concludes by recommending the appropriate security model for the company. The areas covered in the paper are explanation of the reason for the selection of the three models, explanation of how the models are similar, explanation of the differences among the models, and recommendations for the model that should be adopted and why. These areas are covered in the subheadings below:

Explanation of the Reason for the Selection of the Three Models

Ebrahim (2017) asserts that the implementation of security models is often inspired by the need to accomplish integrity and confidentiality via information access controls. According to Jacobs and Rudis (2014), the Biba, Bell-LaPadula, and Clark-Wilson models happen to be among the security models that are commonly employed by organizations in realizing confidentiality and integrity. Hasani and Modiri (2013) add that the Biba and Bell-LaPadula security models are among the majorly used access control techniques in organizations. These methods are often established to formalize techniques targeted at protecting the system confidentiality, as well as data integrity within computer systems (Shostack 2014). As such, the selection of these security models was informed by the fact that they are among the widely employed mechanisms for attaining system confidentiality in organizations. 

                                                          Explanation of how the Models are Similar

The Clark-Wilson, the Bell-LaPadula, and Biba security models bear certain similarities. As aforementioned, the three models are employed in ensuring data integrity and confidentiality within computer systems. The three methods resemble each other in the sense that they serve as information flow and control models (Shostack, 2014). As such, these techniques can be employed in determining how the implementation of security will be accomplished, the subjects that can have access to the system, and the objects to which such subjects have access (Hasani & Modiri, 2013).

BLP and Biba resemble each other in the sense that both of them establish a partial order. The BLP possess security levels that establish a partial order. In the Biba model, the assigning of objects and users is done by focusing on integrity levels, thereby leading to the establishment of a partial order. As in the case of the BLP model, the Biba model possesses reversed set of regulations or rules (Yadav & Shah, 2015). The Biba method does not permit reading from lower levels followed by writing to upper levels. As such, users cannot communicate to low users. In the same manner, the aspect of “read-down” does not exist in BLP model, as high integrity cannot read lower integrity. Moreover, the element of “write-up” is absent, as subjects or users cannot move data of low integrity to environments of high integrity (Jacobs, 2011; Yadav & Shah, 2015).  The Biba, BLP, and Clark-Wilson methods resemble each other BLP in the sense that the three models are defined by three properties. The Clark-Wilson model resembles the Biba model in its focus on data or system integrity. Both the Biba and Clark-Wilson models address the aspect of access control. The Clark-Wilson method is associated with an access control triple comprising the user, the constrained data item, and transformational procedure. 

As in the case of the Biba model, the Clark-Wilson method examines threats by ensuring that only sanctioned transaction procedures can manipulate constrained data items (Shostack, 2014).  In the Biba model, the conversion of unconstrained data items and constrained data items is only accomplished by trusted subjects.      

Explanation of the Differences among the Three Models

Despite having similarities in certain areas, the three security models have significant differences in many areas. For instance, whereas Clark-Wilson and Biba models address the issue of data integrity, the BLP model addresses the aspect of data confidentiality (Benantar, 2006; Galliers & Leidner, 2014). As such, the model cannot address covert channels or access controls, as in the case of the Biba and Clark-Wilson models. It is significant to note that the Biba technique only covers the first objective of integrity, which involves the protection of the system for access by unsanctioned users (Galliers & Leidner, 2014; Shostack, 2014). As such, this model does not address the aspects of confidentiality and availability. Therefore, this model assumes that good coding practices are essential for the protection of internal threats. As such, as opposed to the BLP model that examines external threats, the Biba model does not examine external threats. Contrary to the Biba technique, Clark-Wilson model covers all objectives of integrity. The model holds that the separation of responsibilities must be imposed, subjects must have access to data via an application, and there is a need for auditing.

Even though the BLP and Biba methods are defined by three features, the individual features defining these models are different. For example, the defining features for BLP are simple security property, star security property, and string star property. The simple security property holds that a subject existing at a single confidentiality level is not permitted to read information at a higher confidentiality level (Galliers & Leidner, 2014; Shostack, 2014). This property is often known as “no read-up.” The star security property positions that a subject at a single confidentiality level is not permitted to write information to a lower confidentiality level. This property is known as “no write down” (Galliers & Leidner, 2014; Shostack, 2014). The strong star property states that a subject cannot write or read to an object of lower or higher sensitivity. Contrary to the BPL technique, the three properties defining the Biba method are simple integrity property, star integrity property, and invocation property (Galliers & Leidner, 2014; Shostack, 2014). The simple integrity property maintains that a subject at a single integrity level is not mandated to read an object associated with lower integrity. The strong star integrity property holds that an object at a single integrity level is not allowed to write to an object associated with higher integrity. The invocation property forbids a subject at a single integrity level from the invocation of a subject at a higher integrity level.  

It is significant to note that Clark-Wilson method is different from the Biba technique in the aspect of restriction (Galliers & Leidner, 2014). Whereas the Biba model does not restrict subjects, the Clark-Wilson method restricts subjects. Therefore, a subject existing at one access level can read one data set, while a subject at another access level can access various data sets. Clark-Wilson regulates the manner in which objects can be accessed by subjects with the aim of ensuring the system’s internal consistency (Galliers & Leidner, 2014). This property also ensures that the manipulation of data in the system is executed in ways that safeguard consistency. Clark-Wilson model also differs from Biba and BLP in the sense that it was established for use in commercial activities.

Recommendations for the Model that should be Adopted and Why

Considering the three models examined in the section above, the Clark-Wilson method is recommended for the company. Clark-Wilson method is ideal for commercial activities and this aligns it with the organization. Contrary to the BLP and Biba models, the Clark-Wilson model is appropriate for a range of applications (Andress, 2014; Shostack, 2014). For example, the model covers all integrity goals along with the aspect of confidentiality. On the other hand, the Biba model only covers the first integrity goal (Yadav & Shah, 2015; Galliers & Leidner, 2014; Shostack, 2014). The BLP model only covers confidentiality, but does not address the aspect of integrity.  Moreover, the BLP method only addresses static relationships, which is unrealistic. The Biba method’s implementation is impractical, as it does not consider malicious intents from the use. As such, the BLP and Biba model are inappropriate for the company considering that they do not match the standards for contemporary security threats. The Clark-Wilson model offers an opportunity for the firm to address the current security threats.

In conclusion, the contemporary security threats call for the adoption of a robust security model by organizations.  This paper has examined three security methods including Clark-Wilson, Biba, and BLP models. The Clark-Wilson method provides the company with an opportunity to address the present security threats, as it is applicable to a range of commercial activities, covers all integrity goals, and ensures confidentiality. The Biba and BLP models are unsuitable for the company owing to their inabilities to address the aspects of confidentiality and integrity respectively. The Biba model is also impracticable in terms of implementation, whereas the BLP method covers static associations, which is unrealistic. Therefore, Clark-Wilson model qualifies as the suitable security model for Wellness Technology.