I am trying to fully grasp the concept of security models, rather than remember a set of facts that identify one model from another for the purpose of correctly answering exam questions. I’ve been using computers for most of my life without being aware of the security model(s) the systems I’ve used are based upon. This list of operating systems includes VMS, CPM, Microsoft (PC DOS up to Win 10), & Unix (multiple versions). Each OS must incorporate one or more models, but there appears to be no link between them. A list of OSs with the corresponding security model(s) that each is based upon would be informative.

A second question that remains unclear is how do various OSs address any missing support for the CIA elements of security models? For example, some security model support confidentiality while others integrity. My expectation is that when a security model has a weakness other controls are incorporated into the OS implementation to mitigate the vulnerability of the otherwise missing protection. Is that a valid expectation? An addendum to the list described in the previous question detailing what type of controls each OS uses to ensure CIA, as well as identification, authentication and authorization would be informative.