==The Bell-La Padula Model==

  • The Bell-La Padula Model is used to achieve confidentiality. The model makes a few assumptions, such as that the organisation it is used in has a hierarchical structure where everyone's responsibilities/roles are well-defined.
  • The model works by granting access to pieces of data (called objects) on a strictly need-to-know basis. ==This model uses the rule “no write down, no read up”.==

==Biba Model==

  • The Biba model is arguably the equivalent of the Bell-La Padula model but for the integrity of the CIA triad.
  • This model applies a rule to objects (data) and subjects (users) that can be summarised as “no write up, no read down”. This rule means that subjects can create or write content to objects at or below their level but can only read the contents of objects above the subject's level.
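
The Bell-La Padula and Biba rules above written as access checks, as an added example that is not part of the original notes. The three-level `Level` lattice and all function names are assumptions, and access at the subject's own level is allowed for both reads and writes, as in the standard statement of both models.

```python
from enum import IntEnum

class Level(IntEnum):
    # Constructed three-level lattice (assumption for this example).
    LOW = 1
    MEDIUM = 2
    HIGH = 3

def blp_allows(subject: Level, obj: Level, op: str) -> bool:
    """Bell-La Padula (confidentiality): no read up, no write down."""
    if op == "read":
        return subject >= obj   # reading a higher object would leak it downwards
    if op == "write":
        return subject <= obj   # writing lower would leak the subject's knowledge
    raise ValueError(f"unknown operation: {op}")

def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Biba (integrity): no read down, no write up."""
    if op == "read":
        return subject <= obj   # reading lower-integrity data would taint the subject
    if op == "write":
        return subject >= obj   # writing higher would taint trusted data
    raise ValueError(f"unknown operation: {op}")

def access_row(rule, subject: Level) -> dict:
    """Rights the subject holds on an object at each level: 'r', 'w', 'rw' or '-'."""
    row = {}
    for obj in Level:
        rights = "".join(flag for flag, op in (("r", "read"), ("w", "write"))
                         if rule(subject, obj, op))
        row[obj.name] = rights or "-"
    return row

def combined_allows(subj_conf: Level, subj_int: Level,
                    obj_conf: Level, obj_int: Level, op: str) -> bool:
    """Enforce both models, with separate confidentiality and integrity labels."""
    return blp_allows(subj_conf, obj_conf, op) and biba_allows(subj_int, obj_int, op)

if __name__ == "__main__":
    for name, rule in (("Bell-La Padula", blp_allows), ("Biba", biba_allows)):
        print(name)
        for subject in Level:
            print(f"  subject {subject.name:<6} -> {access_row(rule, subject)}")
```

The two matrices are mirror images of each other, so when both models are enforced on the same label only same-level access satisfies both.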

==STRIDE==

  • (Spoofing identity, Tampering with data, Repudiation threats, Information disclosure, Denial of Service and Elevation of privileges).

==PASTA==

  • (Process for Attack Simulation and Threat Analysis).