TheBiba Model orBiba Integrity Model developed by Kenneth J. Biba in 1975,[1] is a formalstate transition system ofcomputer security policy describing a set ofaccess control rules designed to ensuredata integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that subjects may not corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level than the subject.
In general the model was developed to address integrity as the core principle, which is the direct inverse of theBell–LaPadula model which focuses on confidentiality.[2]: 35
In general, preservation of dataintegrity has three goals:
This security model is directed toward dataintegrity (rather thanconfidentiality) and is characterized by the phrase: "read up, write down". This is in contrast to the Bell-LaPadula model which is characterized by the phrase "read down, write up".
In the Biba model, users can onlycreate content at or below their own integrity level (a monk may write a prayer book that can be read by commoners, but not one to be read by a high priest). Conversely, users can onlyview content at or above their own integrity level (a monk may read a book written by the high priest, but may not read a pamphlet written by a lowly commoner). Another analogy to consider is that of the militarychain of command. A General may write orders to a Colonel, who can issue these orders to a Major. In this fashion, the General's original orders are kept intact and the mission of the military is protected (thus, "read up" integrity). Conversely, a Private can never issue orders to his Sergeant, who may never issue orders to a Lieutenant, also protecting the integrity of the mission ("write down").
The Biba model defines a set of security rules, the first two of which are similar to theBell–LaPadula model. These first two rules are the reverse of the Bell–LaPadula rules: