What does the simple integrity axiom mean in the Biba model?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
The simple integrity axiom of the Biba access control model states that a subject at one level of integrity is not permitted to observe an object of a lower integrity (no read down)
Source: KRUTZ, Ronald L.
& VINES, Russel.
D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architectures and Models (page 205).
The simple integrity axiom in the Biba model states "no write up," which means that information cannot be written to a higher integrity level than the current level of the subject writing the information.
In the Biba model, the focus is on preserving the integrity of information rather than its confidentiality. The model is based on a hierarchy of integrity levels, where each level represents a degree of trustworthiness or assurance in the data.
The model defines two basic rules to govern the flow of information: the Simple Integrity Axiom and the * (star) Integrity Axiom. The Simple Integrity Axiom states that a subject at one level of integrity should not be able to modify objects at a higher level of integrity. Conversely, the * Integrity Axiom states that a subject at a higher level of integrity should not be able to read or access objects at a lower level of integrity.
So, the Simple Integrity Axiom prevents a subject from writing information to a higher integrity level, which helps to prevent unauthorized modification or tampering of sensitive data. For example, if a user at a low integrity level attempts to modify data at a high integrity level, the system will prevent the modification from occurring.
In conclusion, the simple integrity axiom in the Biba model means that information cannot be written to a higher integrity level than the current level of the subject writing the information. This helps to prevent unauthorized modification or tampering of sensitive data, and is one of the basic rules in the Biba model for governing the flow of information.