How many kinds of "Security Models" are there?

I have heard about "principal based security", "role based security", "component centric security", and in .NET, I get to know that the Code Access Security (CAS) is kind of a "origin based security". So are there any other security models? And what technical开发者_开发百科ly do they mean? Could someone give me some explanations, or point me to some reference? Many thanks.

---

Code access security is more of a function used by .net to comply to a security model. A security model itself is a loosely defined term for general security concepts.

For example, role based security or role based access control is a security model to define access to a resource based on a user's role. Although, this is all just a smaller portion of the whole security component that needs to be considered as a part of development. This can be a big help:

http://msdn.microsoft.com/en-us/security/default.aspx

But you can also look into more generalized security concepts such as the Comptia Security + certification for beginners and the CISSP through ISC2 for a bit more advanced security knowledge for a heuristic approach to security.

---

Wikipedia defines a computer security model as

A computer security model is a scheme for specifying and enforcing security policies. A security model may be founded upon a formal model of access rights, a model of computation, a model of distributed computing, or no particular theoretical grounding at all.

As you might imagine with a definition that broad there are many types of computer security models. Rather than re-listing all of the various models here it'd be easiest to take a look at the mostly complete computer security model category from Wikipedia. Finally, Wikipedia also provides a computer security portal linking to a multitude of computer security topics.

Aside from that MSDN has some excellent articles on securing .NET applications available. They also provide what appears to be a pretty good security tutorial.