From: Arant, Michael (michael.arant@mail.va.gov)
Date: Thu Oct 25 2001 - 07:23:17 CDT


    Steve Wang said...

    > I am reading the "The CISSP Prep Guide" and have the following question
    > about the Biba integrity model (page 205): in the book, the simple integrity
    > axiom is interpreted as "no read down". Why no read down for integrity?
    > Will read down hurt integrity?

    Steve,

    I had the same befuddlement at first. Try to see it this way. "Reading up"
    in the context of integrity classification can do nothing but improve the
    quality of your knowledge. Seen in reverse, "reading down" in the context
    of integrity classification will contaminate your knowledge. By not
    "writing up", you can't contaminate the knowledge of those with higher
    clearances. Simplistic perhaps, but it works for me.

    ** VA: Security by Design **

    Michael S. Arant, CISSP
    Cyber Security Office (045C)
    Department of Veterans Affairs, Room 352A
    810 VT Ave., NW.
    Washington, DC 20420
       
    Voice: 202-273-8840
    FAX: 202-273-6135
    michael.arant@mail.va.gov
      
     -----Original Message-----
    From: Steve Wang [mailto:steve.wang@entegrity.com]
    Sent: Monday, October 22, 2001 12:34 PM
    To: cisspstudy@lists.securityfocus.com
    Subject: The Biba integrity model

    Hi,

    I am reading the "The CISSP Prep Guide" and have the following question
    about the Biba integrity model (page 205):
    In the book, the simple integrity axiom is interpreted as "no read down".
    Why no read down for integrity? Will read down hurt integrity?

    I also saw another description of the Biba integrity model (from another
    lecture) as follows:
    a. Simple Integrity Property: A subject s may modify an object o only
       if the clearance of the subject dominates the classification of the
       object (this rule, no write up, is called * integrity axiom in the book)
    b. Integrity *-Property: A subject s with read access to an object o can
       modify an object p only if the classification of o dominates the
       classification of p

    Obviously the above statement is NOT the same (indeed it is much
    different) as what is said in the book. It sounds to me that
    the above one in the lecture is more reasonable.

    Could somebody help me?

    Thanks,

    Steve
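
The two formulations quoted in this thread can be compared mechanically. The following is an added example, not part of the original messages: it enumerates every combination of subject, read object and modified object and checks what each rule set allows. The integer levels, the function names and the modelling of "s with read access to o" as a single read followed by a modify are assumptions made for illustration.

```python
from itertools import product

LEVELS = (0, 1, 2)  # constructed integrity levels: 0 = low, 2 = high

def book_read(s, o):
    """Simple integrity axiom: no read down."""
    return o >= s

def book_write(s, p):
    """* integrity axiom: no write up."""
    return s >= p

def book_allows(s, o, p):
    """Subject s reads object o, then modifies object p (book's two axioms)."""
    return book_read(s, o) and book_write(s, p)

def lecture_allows(s, o, p):
    """Same action under the lecture's rules: (a) s dominates p, (b) o dominates p."""
    return s >= p and o >= p

def compare():
    """Classify every (subject, read object, modified object) triple of levels."""
    book_only, lecture_only, upward_flows = [], [], []
    for s, o, p in product(LEVELS, repeat=3):
        book, lecture = book_allows(s, o, p), lecture_allows(s, o, p)
        if book and not lecture:
            book_only.append((s, o, p))
        if lecture and not book:
            lecture_only.append((s, o, p))
        if (book or lecture) and o < p:  # low-integrity data reached a higher object
            upward_flows.append((s, o, p))
    return book_only, lecture_only, upward_flows

if __name__ == "__main__":
    book_only, lecture_only, upward_flows = compare()
    print("allowed by book only:   ", book_only)
    print("allowed by lecture only:", lecture_only)
    print("low-to-high flows:      ", upward_flows)
    # The contamination case from the reply: a high subject reads a low object,
    # then tries to modify a high object.
    print("book read allowed:", book_read(2, 0),
          "| lecture modify allowed:", lecture_allows(2, 0, 2))
```

With these totally ordered levels, everything the book's axioms allow is also allowed by the lecture's rules, the lecture's rules additionally permit some reads down, and neither rule set lets data from a lower-integrity object reach a higher one.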