Scribd Logo
Upload

Welcome to Scribd!

  • Lecture 21

    Uploaded by

    jay.reaper4
    8 views7 pages
    This document summarizes a lecture on Biba's integrity models. It introduces Biba's three proposed integrity policies, focusing on Strict Integrity. Strict Integrity is a mandatory access control policy where a subject can only read objects equal or higher in integrity and can only write to objects equal or lower. This "dual" of Bell-LaPadula aims to prevent information from flowing up in integrity. The lecture notes how Biba and Bell-LaPadula policies can be combined by using both confidentiality and integrity labels, with access allowed only if permitted by both policies.

    Original Description:

    Original Title

    lecture21

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document summarizes a lecture on Biba's integrity models. It introduces Biba's three proposed integrity policies, focusing on Strict Integrity. Strict Integrity is a mandatory access control policy where a subject can only read objects equal or higher in integrity and can only write to objects equal or lower. This "dual" of Bell-LaPadula aims to prevent information from flowing up in integrity. The lecture notes how Biba and Bell-LaPadula policies can be combined by using both confidentiality and integrity labels, with access allowed only if permitted by both policies.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    8 views7 pages

    Lecture 21

    Uploaded by

    jay.reaper4
    This document summarizes a lecture on Biba's integrity models. It introduces Biba's three proposed integrity policies, focusing on Strict Integrity. Strict Integrity is a mandatory access control policy where a subject can only read objects equal or higher in integrity and can only write to objects equal or lower. This "dual" of Bell-LaPadula aims to prevent information from flowing up in integrity. The lecture notes how Biba and Bell-LaPadula policies can be combined by using both confidentiality and integrity labels, with access allowed only if permitted by both policies.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 7

    Foundations of Computer Security

    Lecture 21: Modeling Integrity: Biba

    Dr. Bill Young


    Department of Computer Sciences
    University of Texas at Austin

    Lecture 21: 1 Modeling Integrity: Biba


    Biba’s Integrity Models

    Ken Biba (1977) proposed three different integrity access control


    policies.
    1 The Low Water Mark Integrity Policy
    2 The Ring Policy
    3 Strict Integrity

    All assume that we associate integrity labels with subjects and


    objects, analogous to clearance levels in BLP.

    Only Strict Integrity had much continuing influence. It is the one


    typically referred to as the “Biba Model” or “Biba Integrity.”

    Lecture 21: 2 Modeling Integrity: Biba


    Strict Integrity Policy

    The Strict Integrity Policy is a mandatory integrity access control


    policy and is the dual of BLP.

    Simple Integrity Property: Subject s can read object o only if


    i(s) ≤ i(o).
    Integrity *-Property: Subject s can write to object o only if
    i(o) ≤ i(s).

    What does it mean to say that Biba Integrity is the “dual” of Bell
    and LaPadula?

    Lecture 21: 3 Modeling Integrity: Biba


    Interpreting the Rules

    Simple Integrity means that a subject can only read objects at


    its own integrity level or above.
    The Integrity *-Property means that a subject can only write
    objects at its own integrity level or below.

    This means that a subject’s integrity cannot be tainted by reading


    bad (lower integrity) information; a subject cannot taint more
    reliable (higher integrity) information by writing into it.

    Lecture 21: 4 Modeling Integrity: Biba


    Strict Integrity ACM
    Since this is an access control policy, it can be represented as an
    access control matrix? Suppose H > L are hierarchical integrity
    levels.

    Subjects Level Objects Level


    Subj1 (H, {A, B, C }) Obj1 (L, {A, B, C })
    Subj2 (L, {}) Obj2 (L, {})
    Subj3 (L, {A, B}) Obj3 (L, {B, C })

    The following is the associated access control matrix.

    Obj1 Obj2 Obj3


    Subj1 W W W
    Subj2 R R, W R
    Subj3 R W -

    Lecture 21: 5 Modeling Integrity: Biba


    Combining BLP and Strict Integrity

    To protect confidentiality and integrity, one could use both BLP


    and Biba’s Strict Integrity policy.
    1 You’d need confidentiality labels and integrity labels for all
    subjects and objects.
    2 An access is allowed only if allowed by both the BLP rules and
    the Biba rules.

    What would the corresponding access control matrix look like?

    Lecture 21: 6 Modeling Integrity: Biba


    Lessons

    Biba’s Strict Integrity Policy is a mandatory integrity access


    control policy and is the dual of BLP.
    It aims to keep information from flowing up in integrity.
    Since confidentiality and integrity are orthogonal they require
    different sets of labels and can be enforced separately or
    jointly.

    Next lecture: Biba’s Other Policies

    Lecture 21: 7 Modeling Integrity: Biba

    You might also like