Biba Security Model - Essay Sample

Introduction

Computer security revolves around three main aspects that include integrity, availability, and confidentiality. Accordingly, organizations develop and implement security policies based on these aspects and their needs. To achieve this, security models are utilized to help express the rules to be followed in a computer system. The most common types of models include the access control and the discretionary access control. For many organizations, the access control model is the foundation of their security policy. Some of the common examples of these model include the Biba model and the Bell-Lapadulla model. The Bell-Lapadula model was among the first models to be created to control access to a computer system (Jajodia & van Tilborg, 2011). However, its shortcomings especially those that relate to data integrity prompted the development of the Biba model to address those weaknesses.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Biba Model

Before the creation of the Biba Model, Bell-Lapadulla model was used to deal with issues relating to data integrity/confidentiality in multi-level security. However, Bell-Lapadula has a major limitation in that it only addresses confidentiality exclusively and ignores the problem of data integrity or data flowing through unauthorized channels. In addition, the model was developed at a period when mainframe was the popular framework. As a result, the model does not have the required flexibility to sufficiently adapt to the fast-growing computer technologies (Jajodia & van Tilborg, 2011).

From a security perspective, integrity entails a way of making sure that authorized users do not make unauthorized changes to data that authorized users are unable to alter information, and that data flowing in out of databases is consistent and uncorrupted. The issue of data integrity is more common in private business organizations and public organizations while confidentiality is more common in government systems, law enforcement agencies, and the military (Jajodia & van Tilborg, 2011; Biba, 1977). Typically, in cases where data in a high level of security clearance interacts with information from a lower level of security clearance or if the data from higher security level is manipulated by a program with a lower level of security, it is highly likely that the data from higher security level will be corrupted or its security clearance downgraded. A practical example would be a top-secret file being accessed or viewed by an unauthorized file reader which might add or remove some words, or introduce malware to corrupt the file.

The need to create Biba Model came after the realization that the Bell-LaPadulla model allowed a user with low-level security clearance to access and alter highly classified files due to lack of an effective integrity policy. In computer programs, the primary objectives of integrity are:

• Prevent alteration of information by unauthorized persons.
• Prevent authorized users from making unauthorized changes.
• Ensure that the data currently in use and transit accurately reflects the real-life conditions it is intended to represent.
• Maintain external and internal consistency of the database and the approved sources of data (Jajodia & van Tilborg, 2011).

Levels of Integrity

Although definitions differ from one organization to another and the nature of the task being executed, the typical hierarchy of levels of integrity is as follows:

• Untrusted
• Slightly trusted
• Trusted
• Highly trusted
• Unimpeachable

Although the Biba Model was created to address shortcomings, there is the dilemma of parallel systems whereby integrity and confidentiality are intertwined, it is expected that information will flow toward the highest security level. That is because the Bell-LaPadulla model indicates that low-level users are only permitted to view data that is above their security clearance. However, in the context of maintaining integrity, higher security levels have lower levels of integrity. In such a case, there are sets of individual sub-systems and each of them has its own set of access privileges and rights. Consequently, communication between users in different security levels becomes impossible. Although the design consideration of safety would be achieved, it would be impossible to share information which would beat the significance of having an organization with users on the same system (Jajodia & van Tilborg, 2011).

Structure

Biba's integrity model adopts a lattice structure which is defined by a mathematical algorithm to allow the security levels created by Bell-LaPadulla, the integrity levels created by Biba, and the compartmentalized data structured by the military's "need to know" basis (access rights and privileges) to co-exist harmoniously (Jajodia & van Tilborg, 2011). In particular, Biba entails a ranking system which evaluates and compares the integrity levels that have an association with processes, files, and people. However, it uses that same principle to Bell-LaPadulla to define subjects (persons, programs, and processes) and objects (documents, raw data, programs). Primarily, Biba's policy of protecting objects from illegal modification is defined by three characteristics that include simple integrity, star integrity, and invocation. According to Jajodia and van Tilborg, (2011), simple integrity, otherwise known as "no read down" or "the simple integrity axiom", refers to a feature whereby a subject from a given integrity level is not allowed to view an object in a lower level of integrity. On the other hand, the star integrity, also known as "no write up," entails a feature whereby an object in a given integrity level is prohibited from writing an object at a higher integrity level. Lastly, invocation entails a feature whereby a subject in certain integrity level is not permitted to invoke or call a subject from a higher level of integrity (Jajodia & van Tilborg, 2011).

As noted by Jajodia and van Tilborg,(2011), the Biba Integrity Model was developed to facilitate the isolation of high-value assets with a high level of integrity from lower-level assets to avoid corruption. As such, any new object created within a system is assigned the same level of integrity as the process that created it. That works to prevent any process from assigning any data a higher level of integrity that the one it had before.

Real Life Applications

In a computer system, processes with privileges and high levels of integrity are only permitted to read data with high levels of integrity and are shielded to view data with lower levels of integrity. That is very helpful especially in the case where a low-level user attempts to introduce malware into the path of a privileged process. In such cases, the user is blocked and the attempt to cause harm thwarted because the privileged process would not be able to access the low-level malware. In addition, attempts to put Trojan in a directory where high-level processes read data would be thwarted because the low-level user would not have the access or the permission to write that directory (Biba, 1977). In the same way, processes with low-levels of integrity can only view but cannot write or make changes in the system data and files. Although the Babi Model addresses the shortcomings of Bell-LaPadula, assigning of privileged processes to high levels of integrity as a security mechanism affects the performance of system-wide activities like backups.

References

Biba, K. J. (1977). Integrity considerations for secure computer systems (No. MTR-3153-REV-1). Mitre Corp Bedford Ma.

Jajodia, S., & van van Tilborg, H. C. (Eds.). (2011). Encyclopedia of Cryptography and Security: L-Z. Springer.