Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Biba Model
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Features == In general, preservation of data ''integrity'' has three goals: * Prevent data modification by unauthorized parties * Prevent unauthorized data modification by authorized parties * Maintain internal and external consistency (i.e. data reflects the real world) This security model is directed toward data ''integrity'' (rather than ''confidentiality'') and is characterized by the phrase: "read up, write down". This is in contrast to the Bell-LaPadula model which is characterized by the phrase "read down, write up". In the Biba model, users can only ''create content at or below'' their own integrity level (a monk may write a prayer book that can be read by commoners, but not one to be read by a high priest). Conversely, users can only ''view content at or above'' their own integrity level (a monk may read a book written by the high priest, but may not read a pamphlet written by a lowly commoner). Another analogy to consider is that of the military [[command hierarchy|chain of command]]. A General may write orders to a Colonel, who can issue these orders to a Major. In this fashion, the General's original orders are kept intact and the mission of the military is protected (thus, "read up" integrity). Conversely, a Private can never issue orders to his Sergeant, who may never issue orders to a Lieutenant, also protecting the integrity of the mission ("write down"). The Biba model defines a set of security rules, the first two of which are similar to the [[Bell–LaPadula model]]. These first two rules are the reverse of the Bell–LaPadula rules: # The Simple Integrity Property states that a subject at a given level of integrity must not read data at a lower integrity level (''no read down''). # The * (star) Integrity Property states that a subject at a given level of integrity must not write to data at a higher level of integrity (''no write up'').<ref>{{Cite book|title=All in One CISSP Exam Guide|last=Harris|first=Shon|publisher=McGraw-Hill|year=2013|location=New York|pages=372}}</ref> # Invocation Property states that a process from below cannot request higher access; only with subjects at an equal or lower level.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)