Biba Model
This model (sometimes referred to as Bell-LaPadula upside down) is a security model that addresses only the integrity of data within a system. The Biba model uses integrity levels to prevent data at any integrity level from flowing to a higher integrity level.
Biba has three main rules to provide this type of protection:
- *-integrity axiom: A subject cannot write data to an object at a higher integrity level (no write up)
- Simple integrity axiom: A subject cannot read data from an object at a lower integrity level (no read down)
- Invocation property: A subject cannot invoke a service at a higher integrity level (no invoke up)
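The three Biba rules above, written as a small reference-monitor check. This is an added example, not code from the original notes; the integrity levels, entity names and the `decide` helper are constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Integrity(IntEnum):
    """Integrity levels; a larger value means more trustworthy (constructed)."""
    UNTRUSTED = 0   # e.g. data that arrived from the public internet
    USER = 1
    SYSTEM = 2


@dataclass(frozen=True)
class Entity:
    """A subject (process, user) or object (file, service) with an integrity label."""
    name: str
    level: Integrity


def can_read(subject: Entity, obj: Entity) -> bool:
    """Simple integrity axiom (no read down): the object must be at the
    subject's level or higher, so low-integrity data cannot taint the subject."""
    return obj.level >= subject.level


def can_write(subject: Entity, obj: Entity) -> bool:
    """*-integrity axiom (no write up): the object must be at the subject's
    level or lower, so the subject cannot corrupt more trusted data."""
    return obj.level <= subject.level


def can_invoke(subject: Entity, service: Entity) -> bool:
    """Invocation property (no invoke up): a subject may only call services
    at its own level or lower."""
    return service.level <= subject.level


def decide(subject: Entity, op: str, target: Entity) -> tuple[bool, str]:
    """Reference-monitor style check returning (allowed, rule applied)."""
    rules = {
        "read": (can_read, "simple integrity axiom"),
        "write": (can_write, "*-integrity axiom"),
        "invoke": (can_invoke, "invocation property"),
    }
    check, rule = rules[op]
    return check(subject, target), rule


if __name__ == "__main__":
    # Constructed sample: a system daemon, a user shell, an untrusted download.
    daemon = Entity("updater", Integrity.SYSTEM)
    shell = Entity("user-shell", Integrity.USER)
    download = Entity("attachment.bin", Integrity.UNTRUSTED)
    config = Entity("/etc/updater.conf", Integrity.SYSTEM)
    for subject, op, target in [(daemon, "read", download), (shell, "write", config),
                                (shell, "read", config), (shell, "invoke", daemon)]:
        allowed, rule = decide(subject, op, target)
        print(f"{subject.name} {op} {target.name}: {'ALLOW' if allowed else 'DENY'} ({rule})")
```

Note that the system daemon is refused a read of the untrusted download: under Biba the more trusted party is the one being protected, which is the mirror image of Bell-LaPadula's no read up.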
Clark-Wilson Model
This integrity model establishes a security framework for use in commercial activities, such as the banking industry.
This model uses the following elements:
- Users: Active agents
- Transformation procedures (TPs): Programmed abstract operations, such as read, write, and modify; they are the only means of changing CDIs and thereby maintain the integrity of the CDIs.
- Constrained data items (CDIs): Data inside the control area; they can be manipulated only by TPs.
- Unconstrained data items (UDIs): Data outside the control area, such as input data; they can be manipulated by users through primitive read and write operations.
- Integrity verification procedures (IVPs): Check that the CDIs are consistent with external reality.
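How the four elements fit together, as an added example (not code from the original notes): a toy bank ledger whose balances are the CDIs, a certified TP that is the only way to move money, an IVP that checks the balances against an audited total, and a UDI parser that validates raw input before a TP acts on it. The account names, the `ACCESS_TRIPLES` table and the "transfer" command format are constructed for this example.

```python
class IntegrityViolation(Exception):
    """Raised when a request would break the Clark-Wilson controls."""


def make_ledger(balances: dict[str, int]) -> dict:
    """The CDIs: account balances plus the audited total the IVP checks them against."""
    return {"balances": dict(balances), "audited_total": sum(balances.values())}


def ivp(balances: dict[str, int], audited_total: int) -> bool:
    """IVP: CDIs are consistent with external reality when the balances still
    add up to the audited total and no account is overdrawn."""
    return sum(balances.values()) == audited_total and all(v >= 0 for v in balances.values())


def tp_transfer(balances: dict[str, int], src: str, dst: str, amount: int) -> None:
    """A certified TP: the only operation allowed to move money between accounts.
    It works on a copy of the CDIs; run_tp() commits the copy only if the IVP passes."""
    if amount <= 0 or src not in balances or dst not in balances:
        raise IntegrityViolation("transfer arguments rejected")
    balances[src] -= amount
    balances[dst] += amount


# Certified TPs and the (user, TP, CDI) access triples the security officer approved (constructed).
TPS = {"transfer": tp_transfer}
ACCESS_TRIPLES = {("teller", "transfer", "ledger")}


def parse_udi(raw: str) -> tuple[str, tuple]:
    """Validates a UDI (an untrusted input line) before a TP may act on it.
    Expected form, for this example: 'transfer <from> <to> <amount>'."""
    parts = raw.split()
    if len(parts) != 4 or parts[0] not in TPS or not parts[3].isdigit():
        raise IntegrityViolation(f"rejected UDI: {raw!r}")
    return parts[0], (parts[1], parts[2], int(parts[3]))


def run_tp(user: str, tp_name: str, ledger: dict, *args) -> None:
    """Enforces the model: users reach CDIs only through a certified TP they are
    authorised for, and the IVP must hold before and after the TP runs."""
    if (user, tp_name, "ledger") not in ACCESS_TRIPLES:
        raise IntegrityViolation(f"{user} is not certified to run {tp_name}")
    if not ivp(ledger["balances"], ledger["audited_total"]):
        raise IntegrityViolation("CDIs already inconsistent; refusing to run TP")
    working_copy = dict(ledger["balances"])
    TPS[tp_name](working_copy, *args)
    if not ivp(working_copy, ledger["audited_total"]):
        raise IntegrityViolation("TP would leave CDIs inconsistent; change discarded")
    ledger["balances"] = working_copy   # commit the well-formed transaction


if __name__ == "__main__":
    ledger = make_ledger({"alice": 100, "bob": 20})      # constructed sample CDIs
    tp_name, args = parse_udi("transfer alice bob 30")   # constructed UDI
    run_tp("teller", tp_name, ledger, *args)
    print(ledger["balances"])                            # {'alice': 70, 'bob': 50}
    for user, request in [("teller", "transfer bob alice 500"), ("auditor", "transfer alice bob 1")]:
        try:
            tp_name, args = parse_udi(request)
            run_tp(user, tp_name, ledger, *args)
        except IntegrityViolation as err:
            print("rejected:", err)
    print(ledger["balances"])                            # unchanged
```

The overdraft attempt is rejected by the IVP rather than by the TP's own argument checks, which is the point of separating the two: the IVP states what a consistent ledger looks like, and any TP, however it is written, is held to it.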
Noninterference Model
This model ensures that the actions of different objects and subjects aren't seen by (and don't interfere with) other objects and subjects on the same system. By implementing this model, the organization can be assured that covert channel communication does not occur because the information cannot cross
A covert channel is a policy-violating communication that is hidden from the owner or users of a data system.
Brewer and Nash Model
The main goal of this model is to protect against conflicts of interest arising from users' access attempts. This model states that a subject can write to an object if, and only if, the subject cannot read another object that is in a different dataset. The Brewer and Nash model is also known as the Chinese wall model.
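A small Chinese wall enforcer, added here as an example (not code from the original notes). Company datasets are grouped into conflict-of-interest classes; a subject's first read in a class closes the wall on the rest of that class, and the write rule is the one stated above, with "cannot read another object" interpreted as "has not read a different dataset" (an assumption made to keep the example concrete). The class table and subject names are constructed.

```python
from collections import defaultdict

# Constructed sample: company datasets grouped into conflict-of-interest classes.
COI_CLASS = {"BankA": "banks", "BankB": "banks", "OilX": "oil", "OilY": "oil"}


class ChineseWall:
    """Tracks which datasets each subject has read and applies the two rules."""

    def __init__(self):
        self.accessed = defaultdict(set)   # subject -> datasets already read

    def can_read(self, subject: str, dataset: str) -> bool:
        """Simple rule: reading is allowed if the dataset was already accessed,
        or if nothing in its conflict-of-interest class has been accessed yet."""
        history = self.accessed[subject]
        if dataset in history:
            return True
        return all(COI_CLASS[d] != COI_CLASS[dataset] for d in history)

    def read(self, subject: str, dataset: str) -> bool:
        """Performs the read and records it, so the wall closes behind the subject."""
        if not self.can_read(subject, dataset):
            return False
        self.accessed[subject].add(dataset)
        return True

    def can_write(self, subject: str, dataset: str) -> bool:
        """*-rule as stated above, with 'can read' taken as 'has read' (assumption):
        writing is allowed only if the subject may read this dataset and has read
        nothing from any other dataset, so no data can leak across the wall."""
        if not self.can_read(subject, dataset):
            return False
        return all(d == dataset for d in self.accessed[subject])


if __name__ == "__main__":
    wall = ChineseWall()
    print(wall.read("ann", "BankA"))          # True: first bank she touches
    print(wall.read("ann", "BankB"))          # False: conflicts with BankA
    print(wall.read("ann", "OilX"))           # True: different class
    print(wall.can_write("ann", "BankA"))     # False: she has read OilX too
    wall.read("bob", "BankA")
    print(wall.can_write("bob", "BankA"))     # True
    print(wall.can_write("bob", "BankB"))     # False: wall already closed
```

Unlike Bell-LaPadula or Biba, the decision depends on the subject's access history, not on a fixed label, which is why the enforcer has to keep state per subject.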
Graham-Denning Model
This model is based on three parts: objects, subjects, and rules. There are eight rules:
- Transfer Access
- Grant Access
- Delete Access
- Read Object
- Create Object
- Destroy Object
- Create Subject
- Destroy Subject
Harrison-Ruzzo-Ullman (HRU) Model
The HRU model maps subjects, objects, and access rights to an access matrix. This model has six primitive operations:
- Create object
- Create subject
- Destroy subject
- Destroy object
- Enter right into access matrix
- Delete right from access matrix
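An access matrix with the six primitive operations, plus two HRU commands built on top of them, as an added example (not code from the original notes). In HRU a command is a condition on the current matrix followed by a sequence of primitives; the `own`/`read`/`write` right names, the commands and the subject and file names are constructed for illustration.

```python
class AccessMatrix:
    """HRU protection state: a set of subjects, a set of objects and, for each
    (subject, object) cell, the rights the subject holds on the object."""

    def __init__(self):
        self.subjects: set[str] = set()
        self.objects: set[str] = set()
        self.cells: dict[tuple[str, str], set[str]] = {}

    # --- the six primitive operations ---------------------------------------
    def create_subject(self, s: str) -> None:
        if s in self.objects:
            raise ValueError(f"{s} already exists")
        self.subjects.add(s)
        self.objects.add(s)          # a subject is also an object: it has a row and a column

    def create_object(self, o: str) -> None:
        if o in self.objects:
            raise ValueError(f"{o} already exists")
        self.objects.add(o)

    def destroy_subject(self, s: str) -> None:
        self.subjects.discard(s)
        self.destroy_object(s)

    def destroy_object(self, o: str) -> None:
        self.objects.discard(o)
        self.cells = {k: v for k, v in self.cells.items() if o not in k}   # drop its row and column

    def enter_right(self, right: str, s: str, o: str) -> None:
        if s not in self.subjects or o not in self.objects:
            raise KeyError(f"unknown subject or object: {s}, {o}")
        self.cells.setdefault((s, o), set()).add(right)

    def delete_right(self, right: str, s: str, o: str) -> None:
        self.cells.get((s, o), set()).discard(right)

    # --- query ---------------------------------------------------------------
    def has(self, s: str, right: str, o: str) -> bool:
        return right in self.cells.get((s, o), set())


# HRU commands: a condition on the current matrix followed by a sequence of primitives.
def cmd_create_file(m: AccessMatrix, owner: str, f: str) -> None:
    """Unconditional command: create a file and give its creator own/read/write."""
    m.create_object(f)
    for r in ("own", "read", "write"):
        m.enter_right(r, owner, f)


def cmd_confer_read(m: AccessMatrix, owner: str, friend: str, f: str) -> bool:
    """Conditional command: only a subject holding 'own' on f may grant read on it."""
    if not m.has(owner, "own", f):
        return False
    m.enter_right("read", friend, f)
    return True


def cmd_revoke_read(m: AccessMatrix, owner: str, friend: str, f: str) -> bool:
    """Conditional command: only the owner may take the read right back."""
    if not m.has(owner, "own", f):
        return False
    m.delete_right("read", friend, f)
    return True


if __name__ == "__main__":
    m = AccessMatrix()
    for s in ("alice", "bob", "carol"):      # constructed subjects
        m.create_subject(s)
    cmd_create_file(m, "alice", "report.txt")
    print(cmd_confer_read(m, "alice", "bob", "report.txt"))    # True
    print(cmd_confer_read(m, "carol", "carol", "report.txt"))  # False: carol is not the owner
    print(m.has("bob", "read", "report.txt"))                 # True
    m.destroy_subject("bob")
    print(m.has("bob", "read", "report.txt"))                 # False: row removed with the subject
```

Every change to the protection state goes through one of the six primitives, which is what makes the model analysable: the question "can subject S ever obtain right r on object O" is a question about which sequences of commands the conditions permit.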