When integrity is more important than confidentiality, the Biba Model is most often used. This model is commonly seen with nonmilitary operations.
Modeled after the LaPadula method, it is also a state machine model based on the classification lattice.
As with the LaPadula model, mandatory access controls are utilized. The Biba model identifies and addresses three significant issues:
- Prevent unauthorized subjects from modifying objects.
- Prevent authorized subjects from making unauthorized modifications.
- The consistency of the internal and external objects should be protected.
The Biba model further identifies integrity with two axioms:
- The Simple Integrity Axiom implements ‘no read down’. In essence, this means that a subject at a given classification level cannot read data at a lower classification level.
- The Integrity Axiom implements ‘no write up’, which means that a subject at a given classification level cannot write to a higher classification level.
The Biba model does not address confidentiality or availability.
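The two axioms can be expressed as a small reference monitor over a lattice of integrity labels. This is an added example, not part of the original page; the level names, categories, and subject and object names are assumptions chosen for illustration. It also covers the lattice case the prose does not spell out: labels that are incomparable are denied both read and write.

```python
from dataclasses import dataclass

# Assumed integrity levels, lowest to highest (the page names no specific levels).
LEVELS = {"untrusted": 0, "user": 1, "system": 2}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

def dominates(a: Label, b: Label) -> bool:
    """a dominates b when a's level is >= b's and a holds every category of b."""
    return LEVELS[a.level] >= LEVELS[b.level] and a.categories >= b.categories

def can_read(subject: Label, obj: Label) -> bool:
    # Simple Integrity Axiom (no read down): the object must dominate the subject.
    return dominates(obj, subject)

def can_write(subject: Label, obj: Label) -> bool:
    # Integrity Axiom (no write up): the subject must dominate the object.
    return dominates(subject, obj)

def decide(subject: Label, op: str, obj: Label) -> str:
    check = {"read": can_read, "write": can_write}[op]
    return "ALLOW" if check(subject, obj) else "DENY"

# Constructed subjects and objects (hypothetical names and labels).
SUBJECTS = {
    "installer": Label("system", frozenset({"os"})),
    "browser": Label("user", frozenset({"web"})),
}
OBJECTS = {
    "kernel_image": Label("system", frozenset({"os"})),
    "download": Label("untrusted"),
    "hr_record": Label("user", frozenset({"hr"})),
}

def audit(requests):
    """Return (subject, op, object, decision) for each constructed request."""
    return [(s, op, o, decide(SUBJECTS[s], op, OBJECTS[o])) for s, op, o in requests]

if __name__ == "__main__":
    for row in audit([("installer", "read", "download"),
                      ("browser", "write", "kernel_image"),
                      ("browser", "write", "download"),
                      ("browser", "read", "hr_record")]):
        print(*row)
```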
Copyright ©2002-2006 Testbusters.net. All Rights Reserved.