Scribd
Upload
353 views7 pages

Biba Integrity Model

The Biba Integrity model was developed in 1975 by Kenneth Biba to address data integrity, which the existing Bell-LaPadula model did not cover. It defines integrity levels for subjects and objects to enforce strict data integrity. Companies like BAE Systems, General Dynamics, and Apple have implemented Biba in their operating systems and products. The model provides flexibility through various selectable policies but can be difficult to apply the right policy. It is best suited for access control and enforcing data integrity.

Uploaded by

oliver wekesa
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
353 views7 pages

Biba Integrity Model

The Biba Integrity model was developed in 1975 by Kenneth Biba to address data integrity, which the existing Bell-LaPadula model did not cover. It defines integrity levels for subjects and objects to enforce strict data integrity. Companies like BAE Systems, General Dynamics, and Apple have implemented Biba in their operating systems and products. The model provides flexibility through various selectable policies but can be difficult to apply the right policy. It is best suited for access control and enforcing data integrity.

Uploaded by

oliver wekesa
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 7

1

Biba Integrity Model

Student Name

Course

Institution

Date
BIBA INTEGRITY MODEL 2

Biba Integrity Model

Abstract

Kenneth J. Biba developed the Biba integrity model in 1975 to supplement the Bell-

LaPadula model, which was only concerned with ensuring data confidentiality. The Biba

developers wanted to provide information integrity which was not part of the Bell-LaPadula

model's purpose. Biba is defined on a mathematical basis which is critical in allowing Bell-

LaPadula's security levels and integrity. The Biba Integrity security model has been implemented

in British Aerospace (BAE) Systems (XTS-400 operating systems), General Dynamics Mission

Systems (Linux), and MacBook (FreeBSD). Several benefits and advantages can be linked to the

use of the Biba model, such as being simple and easy to implement and providing several

policies which are selectable as demand arises. However, its drawbacks include; it is hard to

choose the appropriate procedures to be implemented since it allows for various policies to be

used across different situations. It does not enforce information confidentiality. Lastly, it does

not support authorization revocation. Biba Integrity model can be used for access control and

enforcing data integrity.

 
BIBA INTEGRITY MODEL 3

Biba Integrity Model

Introduction

Kenneth J. Biba developed the Biba integrity model in 1975 to supplement the Bell-

LaPadula model, which was only concerned with ensuring data confidentiality (FinJan Team,

2016). The Biba developers wanted to provide information integrity which was not part of the

Bell-LaPadula model's purpose. This paper seeks to identify the advantages and disadvantages of

Biba and recommend two practical situations for this model's applicability.

The company that created Biba

Kenneth J. Biba developed the Biba integrity model in 1975. The model was developed

in the Mitre Corporation (FinJan Team, 2016). Officially released in 1977, the Biba integrity

model, often referred to as Biba77, was created to be used as a supplement to the already existing

Bell-LaPadula model. The Bell-LaPadula model was hugely concerned with securing data

confidentiality. Bell-LaPadula model was only focused on ensuring confidentiality and was

never concerned with the other CIA triad elements of integrity and availability. Besides, the

previous security models developed a long time ago during the mainframe computing era.

Therefore, they lacked the flexibility to adapt to the emerging computer technologies effectively.

This necessitated the need for new security models such as Biba Integrity Model.

What Biba Integrity Model is

The Biba Integrity model was developed to supplement the Bell-LaPadula model, which

was only concerned with ensuring data confidentiality. Biba was amongst the first security

models built with the primary intentions of addressing the major concerns concerning

information systems and integrity. Currently, the Biba security policies have been aligned and

are running parallel with the Bell-LaPadula model's policies. Therefore, they prove critical in
BIBA INTEGRITY MODEL 4

providing an all-around data security assurance needed by almost all companies. Biba is defined

on a mathematical basis, which is essential in allowing a combination of Bell-LaPadula's security

levels and integrity. According to FinJan Team (2016), Biba utilizes the same principle used by

Bell-LaPadula while carrying out object and subject definition.

What was the original purpose of the development of this model?

The Biba Integrity model's original purpose was to supplement the Bell-LaPadula model,

which only offered confidentiality. The Biba developers wanted to ensure information integrity

which was not part of the Bell-LaPadula model's purpose, making it necessary to develop a new

model to address integrity challenges. Integrity ensures that unauthorized parties' data

modification is limited, ensuring that information is transmitted accurately, and ensures that both

internal and external database consistencies are preserved. Therefore, the developers wanted to

ensure that systems are transformed from being untrusted to slightly trusted, trusted, and highly

trusted and to become unimpeachable. With both confidentiality and integrity, information

within the system will tend to flow from high-security levels. The development of Biba ensured

that all the isolated subsystems are confined with their own sets of rights and privileges. Lastly,

Biba leverages simple integrity, invocation, and star integrity policies to define properties aimed

at protecting the system's assets from being changed illegitimately.

Identify companies or organizations that use this model today (heading)

The Biba Integrity security model has been implemented in British Aerospace (BAE)

Systems, General Dynamics Mission Systems, and MacBook. BAE Systems plays a huge role in

assisting its customers in staying ahead of the current security-challenged world. BAE Systems is

critical in offering both national security and people security protection. BAE Systems has
BIBA INTEGRITY MODEL 5

implemented the Biba model to develop its XTS-400 operating systems which is essential in

providing customers with high assurance security. 

General Dynamics Mission Systems is another company that uses the model in the development

of its systems. The company provides essential solutions to its clients in leading, serving, and

protecting the world we are currently living in (General Dynamics Mission Systems, 2021). Biba

Integrity model has been implemented in the Linux Pit Bull product.

Lastly, Apple implements the Biba policy within its MacBook operating systems

(FreeBSD), which is essential in protecting its system objects and subjects' integrity through a

strict information flow policy (Free BSD, 2020). Using the Biba integrity model ensures that all

the security system objects are assigned integrity labels consisting of hierarchical and non-

hierarchical components. All these are critical in permitting all the security labels to be placed in

an order that allows protection of information as it moves. 

 What are the advantages and disadvantages of this model (heading)

Several benefits and advantages can be linked to the use of the Biba model. First of all,

Biba is relatively simple and easy to implement. In contrast with the Bell-LaPadula model,

implementing Biba's strict integrity policy is not hard. Besides, the Biba Integrity model provides

several guidelines which are selectable as demand arises. Therefore, where strict integrity

properties are too restrictive, then either the dynamic policies can effectively be used in place.

However, the Biba Integrity model has disadvantages too. First of all, it is hard to choose

the appropriate policies to be implemented since it provides various approaches to be used across

different situations. Even though it allows for flexibility, finding one perfect policy to address a

specific scenario might be difficult. Secondly, the Biba Integrity model does not do anything in

enforcing information confidentiality. Therefore, for better protection, it has to be supplemented


BIBA INTEGRITY MODEL 6

with other models like Bell-LaPadula. Besides, this model does not support authorization

revocation. Lastly, it only supports integrity labeling, where currently, no protocols are

supporting this labeling. 

What situations are most appropriate for this model (heading)

The two best situations are suitable for this model. Biba Integrity model can be used for

access control and enforcing data integrity. According to Wright (2008), Biba was designed with

data security policies for an express set of access control rules that enhances integrity. Their

integrity levels order both objects and subjects. 

Conclusion

The motivation behind the Biba Integrity development was to supplement the Bell-

LaPadula model, which was only concerned with information confidentiality. It was

implemented to assist organizations in enforcing system integrity. Therefore, maintaining the

integrity of the organization's information requires organizations to embrace the Biba model.
BIBA INTEGRITY MODEL 7

References

FinJan Team. (2016). A Closer Look at Data Security and the Biba Integrity Model. Finjan Blog.

Retrieved 16 April 2021, from https://blog.finjan.com/biba-integrity-model/#:~:text=Biba

%20in%201977%2C%20the%20Biba,a%20supplement%20to%20Bell%2DLaPadula.

Free BSD. (2002). mac_biba. Freebsd.org. Retrieved 16 April 2021, from

https://www.freebsd.org/cgi/man.cgi?mac_biba.

General Dynamics Mission Systems. (2021). General Dynamics Mission Systems.

Gdmissionsystems.com. Retrieved 16 April 2021, from https://gdmissionsystems.com/.

Wright, C. S. (2008). The IT regulatory and standards compliance handbook: How to survive

information systems audit and assessments. Elsevier.

You might also like