417055
Description
Mind Map by Craig Parker, updated more than 1 year ago
|
Created by Craig Parker
over 10 years ago
|
|
U4. Biba
- Biba is a state machine model similar
to BLP for integrity policies that
regulate the modification of objects
- Concerned with integrity
- Models integrity policy
- Models integrity policy
- modifications of objects
can only flow downwards
- Concerned with integrity
- Integrity levels (such as 'clean' and 'dirty' or 'high'
and 'low') are assigned to subjects and objects
- The basic idea of Biba is that a 'dirty' subject should
not be allowed to contaminate (modify) a clean object.
- The basic idea of Biba is that a 'dirty' subject should
not be allowed to contaminate (modify) a clean object.
- Biba also has policies for an 'invoke' operation whereby
one subject can access (invoke) another subject,
- Different modes
- Static Mode - Similar to BLP
- 2 Security policies
- Simple integrity property - No write up
- Integrity *-property
- If subject s can read (observe) object o, then s can
have write access to some other object o’
- You are not permitted to 'contaminate' a
high-level object with low-level data
Annotations:
- he Marketing Director of a company reads unsubstantiated information about market share from a public document obtained from the Internet. He then writes this information into the company’s strategic marketing plan for next year. The effect is that the company’s marketing strategy is based on low-grade (and possibly incorrect) data. he Biba integrity *-property prevents this situation from occurring
- If subject s can read (observe) object o, then s can
have write access to some other object o’
- Simple integrity property - No write up
- 2 Security policies
- Dynamic Mode
- Integrity levels change
- a 'clean' subject may read a 'dirty' object, but the result
is that the subject is then re-classified as 'dirty'
- a low-level subject is permitted to write to a high-level
object, but the object is then re-classified as low-level
- a 'clean' subject may read a 'dirty' object, but the result
is that the subject is then re-classified as 'dirty'
- Policy enforces automatic
adjustment of security levels
- Integrity levels change
- Static Mode - Similar to BLP
- Biba is the Duel of BLP. If you
combine them see note
Annotations:
- In other words, the combination of BLP and Biba, with the same security labels, means that a subject may only access objects at exactly the same security level. If this is the intention of the policy, then that’s fine, but as we have seen there are some obvious situations where this can lead to problems (remember the manager sending a memo to his staff!).
- Can be extended to include an
access operation 'invoke'.
- Subject may invoke another subject (such
as a software tool) to access an object
- Subjects are only allowed to invoke tools at a lower
level. Otherwise, indirect contamination may occur.
- Subjects are only allowed to invoke tools at a lower
level. Otherwise, indirect contamination may occur.
- Subject may invoke another subject (such
as a software tool) to access an object
- Ring property (opposite of invoke)
- A 'dirty' subject s1 may only invoke a
'clean' tool s2 to touch a 'clean' object.
- A 'dirty' subject s1 may only invoke a
'clean' tool s2 to touch a 'clean' object.
- The crucial lesson to learn is that you must
decide the policy before attempting to model
Want to create your own Mind Maps for free with GoConqr? Learn more.