Biba Model

The Biba Model or Biba Integrity Model, developed by Kenneth J. Biba in 1977 [Biba, K. J. "Integrity Considerations for Secure Computer Systems", MTR-3153, The Mitre Corporation, April 1977], is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that subjects may not corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level than the subject.

In general, the model was developed to circumvent a weakness in the Bell-LaPadula Model, which only addresses data confidentiality.

Features

In general, preservation of data integrity has three goals:

* Prevent data modification by unauthorized parties
* Prevent unauthorized data modification by authorized parties
* Maintain internal and external consistency (i.e. data reflects the real world)

This security model is directed toward data integrity (rather than confidentiality) and is characterized by the phrase "no write up, no read down". This is in contrast to the Bell-LaPadula model, which is characterized by the phrase "no write down, no read up".

In the Biba model, users can only create content at or below their own integrity level (a monk may write a prayer book that can be read by commoners, but not one to be read by a high priest). Conversely, users can only view content at or above their own integrity level (a monk may read a book written by the high priest, but may not read a pamphlet written by a lowly commoner).

The Biba model defines a set of security rules similar to the Bell-LaPadula model. These rules are the reverse of the Bell-LaPadula rules:

1. "The Simple Integrity Axiom" states that a subject at a given level of integrity may not read an object at a lower integrity level (no read down).
2. "The * (star) Integrity Axiom" states that a subject at a given level of integrity must not write to any object at a higher level of integrity (no write up).
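
The two axioms as an access decision function, given here as an added example that is not part of the original article; it uses the monk / high priest / commoner analogy above as a constructed three-level ordering. It goes one step beyond the text by exhaustively checking that no subject can carry data from a lower-integrity object into a higher-integrity one, with Bell-LaPadula shown for contrast. The names `Level`, `biba_allows`, `blp_allows` and `upward_flows` are assumptions made for illustration.

```python
from enum import IntEnum
from itertools import product


class Level(IntEnum):
    """Constructed integrity ordering, taken from the page's analogy."""
    COMMONER = 1
    MONK = 2
    HIGH_PRIEST = 3


def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Strict Biba decision for a single access request."""
    if op == "read":
        return obj >= subject   # Simple Integrity Axiom: no read down
    if op == "write":
        return obj <= subject   # * (star) Integrity Axiom: no write up
    raise ValueError(f"unknown operation: {op!r}")


def blp_allows(subject: Level, obj: Level, op: str) -> bool:
    """Bell-LaPadula, with the same ordering read as confidentiality levels."""
    if op == "read":
        return obj <= subject   # no read up
    if op == "write":
        return obj >= subject   # no write down
    raise ValueError(f"unknown operation: {op!r}")


def upward_flows(allows) -> set:
    """Return (source, destination) level pairs where some subject may read
    the source and write the destination, and the destination ranks higher."""
    flows = set()
    for subject, src, dst in product(Level, repeat=3):
        can_copy = allows(subject, src, "read") and allows(subject, dst, "write")
        if can_copy and dst > src:
            flows.add((src, dst))
    return flows


if __name__ == "__main__":
    # Under Biba no low-integrity data can reach a higher level.
    print("Biba upward flows:", sorted(upward_flows(biba_allows)))
    # Under Bell-LaPadula upward flow is exactly what the rules permit.
    print("BLP upward flows: ", sorted(upward_flows(blp_allows)))
```

The empty result for Biba is the integrity guarantee itself: a read requires the source to sit at or above the subject and a write requires the destination to sit at or below it, so data can only move sideways or down.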

See also

* Multi-Level Security - MLS
* Mandatory Access Control - MAC
* Discretionary Access Control - DAC
* Take-Grant Model
* The Clark-Wilson Integrity Model
* Graham-Denning Model
* Security Modes of Operation


Wikimedia Foundation. 2010.
