Biba Model of Access Control

Questions and Answers

Which of the following best describes the Biba model of access control?

• It focuses on both confidentiality and data integrity equally.
• It prioritizes data integrity over confidentiality. (correct)
• It prioritizes confidentiality over data integrity.
• It does not prioritize either confidentiality or data integrity.

What is the simple integrity axiom in the Biba model?

• No read down.
• No write up.
• Anyone accessing a resource can only write its contents to one classified at the same level or lower.
• The level of access granted to an individual must be no lower than the classification of the resource. (correct)

What is the * integrity axiom in the Biba model?

• No read down.
• The level of access granted to an individual must be no lower than the classification of the resource.
• No write up.
• Anyone accessing a resource can only write its contents to one classified at the same level or lower. (correct)

Flashcards are hidden until you start studying

Study Notes

Biba Model of Access Control

• The Biba model is a mandatory access control model that focuses on the integrity of data rather than confidentiality
• It is a discretionary access control model that prioritizes the integrity of data over confidentiality and availability

Integrity Axioms in the Biba Model

• The simple integrity axiom states that a subject at a certain level of integrity cannot write to an object of a higher level of integrity
• The * integrity axiom states that a subject at a certain level of integrity can read an object at the same or higher level of integrity, but cannot write to an object at a higher level of integrity