Biba is dual of BLP
– Focuses on integrity rather than confidentiality
– Read-up and write-down rules
Examples
– Integrity level could be high, medium or low
– Compartment could be similar to BLP and captures topic(s) of document
– Low integrity information should never flow up into high integrity documents
Policies for Commercial Envrionments
– User clearance is not common
– Other requirements exist
Data only be accessed by certain application(e.g., payroll)
Separation-of-duty and conflict-of-interest requirements
Clark-Wilson Policy
Users -> Programs(transactions) -> Objects
same user cannot execute two programs that require separation-of duty
Chinese Wall Policy
deals with conflict of interest
Objects are put into conflict classes:
the user can access any object as long as he/she has not accessed an object from another company in the same conflict class
Trusted Computing Bases(TCB)
Revisiting Trusted Computing Base(TCB)
– How do we know TCB can be trusted?
Secure vs. trusted vs high assurance
set of all hardware and software trusted to operate securely
required for all other trust in the system security policy
