Biba Integrity Model
   HOME

TheInfoList



OR:

The Biba Model or Biba Integrity Model developed by Kenneth J. Biba in 1975, is a formal
state transition system In theoretical computer science, a transition system is a concept used in the study of computation. It is used to describe the potential behavior of discrete systems. It consists of states and transitions between states, which may be labeled with ...
of
computer security Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, the ...
policy that describes a set of
access control In the fields of physical security and information security, access control (AC) is the selective restriction of access to a place or other resource, while access management describes the process. The act of ''accessing'' may mean consuming ...
rules designed to ensure
data integrity Data integrity is the maintenance of, and the assurance of, data accuracy and consistency over its entire Information Lifecycle Management, life-cycle and is a critical aspect to the design, implementation, and usage of any system that stores, proc ...
. Data and subjects are grouped into ordered levels of integrity. The model is designed so that subjects may not corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level than the subject. In general the model was developed to address integrity as the core principle, which is the direct inverse of the
Bell–LaPadula model The Bell–LaPadula Model (BLP) is a state machine model used for enforcing access control in government and military applications. It was developed by David Elliott Bell and Leonard J. LaPadula, subsequent to strong guidance from Roger R. S ...
which focuses on confidentiality.


Features

In general, preservation of data ''integrity'' has three goals: * Prevent data modification by unauthorized parties * Prevent unauthorized data modification by authorized parties * Maintain internal and external consistency (i.e. data reflects the real world) This security model is directed toward data ''integrity'' (rather than ''confidentiality'') and is characterized by the phrase: "read up, write down". This is in contrast to the Bell-LaPadula model which is characterized by the phrase "read down, write up". In the Biba model, users can only ''create content at or below'' their own integrity level (a monk may write a prayer book that can be read by commoners, but not one to be read by a high priest). Conversely, users can only ''view content at or above'' their own integrity level (a monk may read a book written by the high priest, but may not read a pamphlet written by a lowly commoner). Another analogy to consider is that of the military
chain of command A command hierarchy is a group of people who carry out orders based on others' authority within the group. It can be viewed as part of a power structure, in which it is usually seen as the most vulnerable and also the most powerful part. Milit ...
. A General may write orders to a Colonel, who can issue these orders to a Major. In this fashion, the General's original orders are kept intact and the mission of the military is protected (thus, "read up" integrity). Conversely, a Private can never issue orders to his Sergeant, who may never issue orders to a Lieutenant, also protecting the integrity of the mission ("write down"). The Biba model defines a set of security rules, the first two of which are similar to the
Bell–LaPadula model The Bell–LaPadula Model (BLP) is a state machine model used for enforcing access control in government and military applications. It was developed by David Elliott Bell and Leonard J. LaPadula, subsequent to strong guidance from Roger R. S ...
. These first two rules are the reverse of the Bell–LaPadula rules: # The Simple Integrity Property states that a subject at a given level of integrity must not read data at a lower integrity level (''no read down''). # The * (star) Integrity Property states that a subject at a given level of integrity must not write to data at a higher level of integrity (''no write up''). # Invocation Property states that a process from below cannot request higher access; only with subjects at an equal or lower level.


Implementations

* In
FreeBSD FreeBSD is a free and open-source Unix-like operating system descended from the Berkeley Software Distribution (BSD), which was based on Research Unix. The first version of FreeBSD was released in 1993. In 2005, FreeBSD was the most popular ...
, the Biba model is implemented by the mac_biba MAC policy. * In
Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...
, the Biba model is implemented in the General Dynamics Mission Systems PitBull product. * In
XTS-400 The XTS-400 is a multilevel secure computer operating system. It is multiuser and multitasking that uses multilevel scheduling in processing data and information. It works in networked environments and supports Gigabit Ethernet and both IPv4 ...
, the Biba model is implemented in the BAE Systems's XTS-400 operating system.


See also

*
Discretionary Access Control In computer security, discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria (TCSEC) as a means of restricting access to objects based on the identity of subjects and/or groups to ...
– DAC *
Graham–Denning model The Graham–Denning model is a computer security model that shows how subjects and objects should be securely created and deleted. It also addresses how to assign specific access rights. It is mainly used in access control mechanisms for distribu ...
*
Mandatory Access Control In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system or database constrains the ability of a ''subject'' or ''initiator'' to access or generally perform some sort of operation on a ...
– MAC *
Multilevel security Multilevel security or multiple levels of security (MLS) is the application of a computer system to process information with incompatible classifications (i.e., at different security levels), permit access by users with different security clearan ...
– MLS *
Security-Enhanced Linux Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC). SELinux is a set of kernel modifications and user-space ...
* Security Modes of Operation *
Take-grant protection model The take-grant protection model is a formal model used in the field of computer security to establish or disprove the safety of a given computer system that follows specific rules. It shows that even though the question of safety is in general unde ...
*
Clark–Wilson model The Clark–Wilson integrity model provides a foundation for specifying and analyzing an integrity policy for a computing system. The model is primarily concerned with formalizing the notion of information integrity. Information integrity is ...


References

{{Reflist


External links


"Integrity Policies" Power Point presentation from University of Colorado at Colorado Springs
Computer security models