Biba Model

From Wikipedia, the free encyclopedia

Jump to: navigation, search

The Biba Model or Biba Integrity Model developed by Kenneth J. Biba in 1977 [1], is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that subjects may not corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level than the subject.

In general the model was developed to circumvent a weakness in the Bell-LaPadula Model which only addresses data confidentiality.

[edit] Features

In general, preservation of data integrity has three goals:

  • Prevent data modification by unauthorized parties
  • Prevent unauthorized data modification by authorized parties
  • Maintain internal and external consistency (i.e. data reflects the real world)

This security model is directed toward data integrity (rather than confidentiality) and is characterized by the phrase: "no read down, no write up". This is in contrast to the Bell-LaPadula model which is characterized by the phrase "no write down, no read up".

In the Biba model, users can only create content at or below their own integrity level (a monk may write a prayer book that can be read by commoners, but not one to be read by a high priest). Conversely, users can only view content at or above their own integrity level (a monk may read a book written by the high priest, but may not read a pamphlet written by a lowly commoner).

The Biba model defines a set of security rules similar to the Bell-LaPadula model. These rules are the reverse of the Bell-LaPadula rules:

  1. The Simple Integrity Axiom states that a subject at a given level of integrity may not read an object at a lower integrity level (no read down).
  2. The * (star) Integrity Axiom states that a subject at a given level of integrity must not write to any object at a higher level of integrity (no write up).

[edit] See also

[edit] References

  1. ^ Biba, K. J. "Integrity Considerations for Secure Computer Systems", MTR-3153, The Mitre Corporation, April 1977.
Personal tools