Beruflich Dokumente
Kultur Dokumente
Contextual Model
AN INTEGRATIVE PERSPECTIVE
By PROTEUS YOUNG
1
Information Security Contextual Model © Proteus Young
Also, it is important to notice that the diagram depicts They can only be understood in the context of the
relationships, not the data flow. complete process (e.g. data being accessed).
User is the agent – not necessarily humanii – which Traceability is the characteristic that allows the
promotes the creation, recovery and transformation of reconstitution of the Accesses to which the Data was
Data. Its inherent property is Identity, meaning that submitted by the Users during a given period of time.
agents’ identification must be unambiguous under the
penalty of ignorance of the access’ actor.
Access is the process that makes the User’s action on the UNDERLYING PRINCIPLES
Data possible. Its inherent property is Inviolability,
meaning that the process must not be intercepted or Data Integrity is connected to two principles:
interrupted. Violations would respectively cause loss of
• Preservation is the principle that data should be
confidentiality and loss of availability.
protected against modifications that cause its
corruption, regardless of storage medium or form
of representation. While accidental corruption is
RELATIONAL PROPERTIES generally cause by physical issues, intentional
corruption stems from a security breach. As for the
The relations between and among the elements Data, breadth of damage, it can range from imperceptible
User, and Access give rise to properties that do not make or irrelevant to total loss.
sense when considered outside the context of the • Consistency is the principle that correlated data
relationship. In pairwise relationships, the missing should be consistent with each other. For example,
element does not affect the property and is not affected if not successfully completed, multiple updates of
by it, as follows. related tables in a database may causes a relational
The relationship between User and Data gives rise to the inconsistencyiii.
property Authority, which reflects the rights of Loss of Integrity impacts the Availability and Authority
individuals or groups over information. This property properties once these can only be verified if the
originates in the real world and needs a corresponding information is true and complete: there is no point in the
mapping to the security implementation. Authority is availability of false or incomplete information, as well as
independent of Access, because the right to access there is no sense in Authority over corrupted data.
certain pieces of information exists even when the user Likewise, the third level properties will be impaired. In
does not exercise it. case of complete data destruction, this condition is more
The relationship between User and Access gives rise to evident.
the property Authenticity, which is the guarantee that Access Inviolability is connected to the principle of
the User is who he/she claims to be, that is, his/her Legitimacy: access to data must be by legitimate means.
identity validation. Authenticity is independent of Data Access violation can be either an interception or
since the User does not have to access it in order to have interruption, making it an illegitimate action which
his/her identity recognized. affects adjacent properties as follows:
The relationship between Data and Access gives rise to • Authenticity is obviously violated as access is
the Availability property, which reflects the readiness of performed by an agent not authorized to do so.
the data to be accessed. This property is independent of • Availability may be affected by illegitimate access
User since the readiness exists even if no access is made. either by competing for processing resources in a
The relationship between Data, Access and User query that results in high data volume, or by a
comprises the Inner Triad of the third level properties.
2
Information Security Contextual Model © Proteus Young
deliberate denial of service action (for example, Access Traceability relates to Accountability principle
by running a resource-intensive query available. whereby each User can only be held responsible for the
• Confidentiality is compromised by improper actions he/she performed (or failed to perform). Lack of
access. traceability prevents imputability and causes accidental
• Non-repudiation and traceability lose meaning impunity. Data Integrity may be affected if it is impossible
when access is illegitimate as the logging to determine how a condition was achieved.
mechanism may incorrectly capture the
User Non-Repudiation is related to the principle of
illegitimate action.
Authorship Accreditation of certain actions. It assures the
Integrity, which in non-adjacent property, may also be user’s Authenticity in such a way that it’s impossible for
affected if illegitimate access results in data the author or any interested party to refute the action.
transformation.
Data Confidentiality is directly associated with the Need • How does the Contextual Model differ from other
to Know principle, which holds that access to data is existing models?
limited by the User’s Authority. Failure to comply with It depends on the model considered. In general, the
this principle results in improper disclosure (“leakage”) of main differences are:
information.
3
Information Security Contextual Model © Proteus Young
NOTES
i STRIDE is the acronym for Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privileges.
ii Automated actions always require the provision of credentials - typically service accounts - with sufficient rights.
iii Although major database management systems provide multiple-update transaction as consistency preservation mechanism, they