Biba Security Model

TheProfezzor · June 2014

I was going through "Biba Security Model" from different books and I found something strange. Kindly read through.

Biba was designed to address three integrity issues:

Prevent modification of objects by unauthorized subjects.
Prevent unauthorized modification of objects by authorized subjects.
Protect internal and external object consistency

Certified Information System Security Professional Guide - Sybex 6th

The following are the three main goals of integrity models:

Prevent unauthorized users from making modifications
Prevent authorized users from making improper modifications (separation of duties)
Maintain internal and external consistency (well-formed transaction)

Clark-Wilson addresses each of these goals in its model. Biba only addresses the first goal.
AIO Guide to CISSP CBK 6th - Shon Harris

Now, whose right on this?. The two books seem to contradict each other.

voodoo26 · June 2014

as far as i know that Clark-Wilson addresses 3 rules of integrity and Biba addresses only the first goal.

teancum144 · June 2014

TheProfezzor wrote: »

I was going through "Biba Security Model" from different books and I found something strange. Kindly read through.

Biba was designed to address three integrity issues:
Prevent modification of objects by unauthorized subjects.

Prevent unauthorized modification of objects by authorized subjects.

Protect internal and external object consistency

Certified Information System Security Professional Guide - Sybex 6th

The following are the three main goals of integrity models:
Prevent unauthorized users from making modifications

Prevent authorized users from making improper modifications (separation of duties)

Maintain internal and external consistency (well-formed transaction)

Clark-Wilson addresses each of these goals in its model. Biba only addresses the first goal.
AIO Guide to CISSP CBK 6th - Shon Harris

Now, whose right on this?. The two books seem to contradict each other.

Seems to me they're both saying the same thing. Let's start with the first bullet of each:

Prevent modification of objects by unauthorized subjects.
Prevent unauthorized users from making modifications

Unauthorized users = unauthorized subjects
The second bullet doesn't say what is being modified, but "objects" (i.e. data) is implied.

The second bullet of each are also saying the same thing:

Prevent unauthorized modification of objects by authorized subjects.
Prevent authorized users from making improper modifications (separation of duties)

Authorized users = authorized subjects
Again, "objects" is implied in the 2nd bullet.
"Separation of duties" can be implied in the first bullet because restricting authorized users from making unauthorized modifications is how you enforce SOD (it's nice that the AIO guide explicitly states "SOD" to make this connection).

The third bullet of each are also saying the same thing:

Protect internal and external object consistency
Maintain internal and external consistency (well-formed transaction)

Again, the word "object" is implied in the 2nd bullet. A definition of "well-formed transactions" is as follows: "When data is modified via developed procedures/mechanisms that have been designed to preserve/enforce the integrity of the information." So, a "well-formed transaction" preserves/enforces (protects) the integrity (consistency) of the information (objects).

TheProfezzor · June 2014

teancum144 wrote: »

Seems to me they're both saying the same thing. Let's start with the first bullet of each:
Prevent modification of objects by unauthorized subjects.

Prevent unauthorized users from making modifications

Unauthorized users = unauthorized subjects
The second bullet doesn't say what is being modified, but "objects" (i.e. data) is implied.

The second bullet of each are also saying the same thing:
Prevent unauthorized modification of objects by authorized subjects.

Prevent authorized users from making improper modifications (separation of duties)

Authorized users = authorized subjects
Again, "objects" is implied in the 2nd bullet.
"Separation of duties" can be implied in the first bullet because restricting authorized users from making unauthorized modifications is how you enforce SOD (it's nice that the AIO guide explicitly states "SOD" to make this connection).

The third bullet of each are also saying the same thing:
Protect internal and external object consistency

Maintain internal and external consistency (well-formed transaction)

Again, the word "object" is implied in the 2nd bullet. A definition of "well-formed transactions" is as follows: "When data is modified via developed procedures/mechanisms that have been designed to preserve/enforce the integrity of the information." So, a "well-formed transaction" preserves/enforces (protects) the integrity (consistency) of the information (objects).

The 3 bullets from Sybex and the 3 bullets from AIO are same. The wording is different but they are same. Sybex is saying that all 3 bullets apply on Biba. AIO says that only number 1 applies to Biba. How can they be same?

teancum144 · June 2014

TheProfezzor wrote: »

The 3 bullets from Sybex and the 3 bullets from AIO are same. The wording is different but they are same. Sybex is saying that all 3 bullets apply on Biba. AIO says that only number 1 applies to Biba. How can they be same?

My bad -- I didn't read the last statement. The Official Guide says the following on the topic:

As it turns out, Biba only addresses one of three key integrity goals. The Clark–Wilson model improves on Biba by focusing on integrity at the transaction level and addressing three major goals of integrity in a commercial environment. In addition to preventing changes by unauthorized subjects, Clark and Wilson realized that high-integrity systems would also have to prevent undesirable changes by authorized subjects and to ensure that the system continued to behave consistently. ...

The OG goes on in some detail, but, in short, according to the OG, Sybex is wrong and AIO is correct.

Biba Security Model

Comments