Management System Authentication Essay

1298 Words 6 Pages
Confidentiality, integrity, and availability are the cornerstones of information assurance. When coupled with the concept of authentication, these tenants provide administrators with the necessary focus to protect information systems from adversaries. If I were building a learning management system similar to WebTycho for Booz Allen, it would be critical to integrate these security goals during the development of the collaboration tool.

Confidentiality is the concept of making data available to only the people or systems that are authorized to access it (Pfleeger & Pfleeger, 2006, p. 256). In regards to a learning management system, this would require that an individual’s personal data such as grade information, communications,
…show more content…
This principle is commonly referred to as “no read up” (Balon & Thabet, 2004). For example, in the event that an unclassified user would attempt to access a classified system, he or she would be denied under the simple security property.

The star property of the Bell-LaPadula access model states that a subject will only be able to write to an object if its security level is equal to or greater than the object’s. This principle is commonly referred to as “no write down” (Balon & Thabet, 2004). When implemented correctly, the star property would prevent a piece of malware that infected a classified system from being able to copy data to an unclassified resource.

Integrity focuses on ensuring that information can only be modified by authorized users (Pfleeger & Pfleeger, 2006, p. 256). In the instance of an online learning management system, this would require a user’s data such as conference postings or assignment submissions to remain protected from unauthorized modifications by other users. Similar to maintaining confidentiality, system administrators can integrate another form of access control in an environment in order to ensure data integrity. Biba is the opposite of the Bell-LaPadula model, as it is used to ensure integrity within an information system.
Biba was developed in 1977 by Ken Biba of the Mitre Corporation (Balon & Thabet, 2004). The

Related Documents