Computer security is based on the role of various entities within the system and their CIA requirement. Information security models address the CIA requirements in computing systems and data.
This computer security model is also called the take-grant protection model and it specifies obtaining (taking) rights from one entity and giving them to another or the transferring (granting) of rights by one entity to another. There are two entities defined in this model: a subject and object. In simple terms, this model proposes a directed graph that represents the transfer of rights.
There are four rules in this model; they are as follows: