Page 1584 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Chapter 8: Principles of Security Models, Design, and Capabilities
1. Security models include state machine, information flow,
noninterference, Take-Grant, access control matrix, Bell-LaPadula,
Biba, Clark-Wilson, Brewer and Nash (aka Chinese Wall),
Goguen-Meseguer, Sutherland, and Graham-Denning.
2. The primary components of the trusted computing base (TCB) are
the hardware and software elements used to enforce the security
policy (these elements are called the TCB), the security perimeter
distinguishing and separating TCB components from non-TCB
components, and the reference monitor that serves as an access
control device across the security perimeter.
3. The two primary rules of Bell-LaPadula are the simple rule of no
read-up and the star rule of no write-down. The two rules of Biba
are the simple rule of no read-down and the star rule of no
write-up.
4. An open system is one with published APIs that allow third parties
to develop products to interact with it. A closed system is one that
is proprietary with no third-party product support. Open source is
a coding stance that allows others to view the source code of a
program. Closed source is an opposing coding stance that keeps
source code confidential.

