|
Home > Archive > CISSP > February 2005 > Question about lapadula and biba model
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Question about lapadula and biba model
|
|
| itflyer 2005-02-04, 9:52 pm |
| Hi, all:
my question is, in these two models, does the people can read and write the SAME security level files?
Thank you! | |
|
| Hello,
My understanding is this, the Bell-LaPadula focuses on confidentiality. It is known as an information flow security model also, which means that information does not flow to an object of lesser or non-comparable classification.
The Biba model is latticed-based and uses the less than or equal to relation. Focuses on integrity. A subject cannot write data to an object at a higher integrity level
“no write up”. A subject cannot read data from an object at a lower integrity level
“no read down”.
SB4 | |
| itflyer 2005-02-05, 5:17 pm |
| quote:
Originally posted by SB4
Hello,
My understanding is...
The Biba model is latticed-based and uses the less than or equal to relation...
SB4
Hello, SB4:
Thank you for your kindd reply.
According what you wrote:
In Lapadula model, actually no read peer or write peer permission.
But in Biba model, a subject can write data to and read data from object at the peer integrity level, besides "write down” and “read up” permissioin.
Is my understanding right?
Cheers. | |
| t_bind 2005-02-08, 10:50 am |
| The simple concept is:
Bell-LaPadula - addresses confidentiality
Two main properties:
1) Simple Security Property:
Cannot read information from an object with a higher sensitivity label than yours
2) Star Property:
Cannot write information to an object with a lower sensitivity label than yours
Biba (aka Bell-LaPadula Upside Down) - addresses integrity
Two main properties:
1) Simple Integrity Property:
Cannot read information from an object with a lower sensitivity label than yours
2) Star Integrity Property:
Cannot write information to an object with a higher sensitivity label than yours
Yes, there are other properties, but this should answer your question. | |
| itflyer 2005-02-10, 5:59 pm |
| quote:
Originally posted by t_bind
The simple concept is:
Bell-LaPadula - addresses confidentiality
Two main properties:
1) Simple Security Property:
Cannot read information from an object with a higher sensitivity label than yours
2) Star Property:
Cannot write information to an object with a lower sensitivity label than yours
Biba (aka Bell-LaPadula Upside Down) - addresses integrity
Two main properties:
1) Simple Integrity Property:
Cannot read information from an object with a lower sensitivity label than yours
2) Star Integrity Property:
Cannot write information to an object with a higher sensitivity label than yours
Yes, there are other properties, but this should answer your question.
Thanks |
|
|
|
|