You are a security consultant for a contracting agency; the agency chief wants t

Question

You are a security consultant for a contracting agency; the agency chief wants to ensure he prevents subjects from writing information to a higher level than the subject’s security clearance. He also wants to ensure subjects from a higher level clearance cannot read information at a lower level. They require some type of access control models for their information systems to protect the integrity of their data. What is your best recommendation for a model to use?

A. Bell LaPadula

B. Biba

C. State Machine

D. Clark Wilson

Explanation / Answer

Answer: B. Biba

The Biba Model or Biba Integrity Model developed by Kenneth J. Biba is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that subjects may not corrupt objects in a level ranked higher than the subject, or be corrupted by objects from a lower level than the subject.

In general the model was developed to address integrity as the core principle, which is the direct inverse of the Bell–LaPadula model.

In general, preservation of data integrity has three goals:

Prevent data modification by unauthorized parties
Prevent unauthorized data modification by authorized parties
Maintain internal and external consistency

Related Questions

Navigate

• Browse (All)
• Browse Y
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.