Biba Model
Biba Model
(also Biba Integrity Model)
Shadow Password Files definition
The Biba Model is a set of rules for a computer system that helps keep information safe and accurate. It was proposed by Kenneth J. Biba in 1977, hence the name. The focus of the Biba Model is to ensure that information cannot be corrupted by users who lack the appropriate credentials.
See also: data breach prevention, data corruption, data exfiltration, data integrity
Rules of the Biba Model:
- No Write Up (Integrity Axiom): This rule states that no one can write or modify information at a lower integrity level. This is to prevent high-quality information from being corrupted by less reliable sources. Think of it as a chef not being allowed to change the recipe of a beginner cook.
- No Read Down (Simple Security Property): This rule states that a user can’t read an object at a higher integrity level. This means you can’t look at or read information that’s more important than what you’re allowed to see. Imagine a student not being allowed to read the school principal’s documents.
Biba model use cases:
- Banks: Banks need to make sure their records are always right to meet regulations and protect their clients and themselves.
- Hospitals: Doctors and nurses need to have accurate medical records and ensure no one tampers with them in order to protect their patients.
- Government Offices: These places have a lot of important information that needs to stay correct. Protecting the data of the military and government records is a matter of national security.
- Online Stores: Websites need to keep track of what they’re selling, how much things cost, and who’s buying what.