Concerning 'modeling' of computer security

Abstract

The author examines the notion of modeling, first as it applies to physical sciences, and then with reference to computer security. He identifies two undesirable aspects of models in general, which he calls incompleteness and inapplicability. A model of security given by D.E. Bell and L.J. La Padula (1975) is examined in light of the criticism that a model is a definition of that which it models; the author suggests that the critic's definition of the terms 'model' and 'security' is too wide.<>