INFORMATION SECURITY AND AUDIT
1. Overview of information security
2. Information and Network Security Policies
3. Cryptography and PKI
4. Network security applications
5. Design Principles
6. Compliance, Evaluation system and Law
- Pci Dss
- Sox
- Hippa,
- Evaluating Systems
- Evaluating Systems, Goals Of Evaluating Systems
- Tcsec
- Itsec
- Fips
- Common Criteria
- Sse-Cmm
- Law And Information Security
- Historical Evolution Of Computer Related Law In The Us
- Privacy Law And Its Significance To Information Security
- The Uk Dpa And The Eu Gdpr
- Eta Of Nepal
7. Malicious logic and attacks
8. Vulnerability analysis and IT Audit
9. Intrusion detection and log analysis
LAB WORK -ISA
SOLVED PRACTICE QUESTIONS
Biba Model
The Biba Integrity Model is a formal state transition model designed to enforce data integrity policies. Developed by Kenneth J. Biba in 1977, the model is often considered a counterpart to the Bell-LaPadula Model, which focuses on confidentiality. The Biba Model ensures that data cannot be modified in an unauthorized manner, thereby maintaining the integrity of the information.
- Integrity Levels:
- Each subject (user or process) and object (data or resource) in the system is assigned an integrity level.
- These levels are hierarchical, similar to the security levels in the Bell-LaPadula Model. Higher levels represent higher integrity.
- Access Modes:
- The model defines various access modes such as read, write, and execute.
- Each access mode is subject to specific rules that enforce the integrity policy.
Rules for Biba Model
- Simple Integrity Property (No Write Up):
- A subject at a given integrity level is not allowed to write to an object at a higher integrity level.
- This prevents lower-integrity subjects from contaminating higher-integrity objects. For example, a user with an integrity level of "Untrusted" cannot write to data classified as "Trusted."
- *-Integrity Property (Star Integrity Property, No Read Down):
- A subject at a given integrity level is not allowed to read data at a lower integrity level.
- This prevents higher-integrity subjects from being influenced by lower-integrity data. For example, a user with an integrity level of "Trusted" cannot read data classified as "Untrusted."
- Invocation Property:
- A subject at a given integrity level cannot invoke (i.e., execute) a subject at a higher integrity level.
- This prevents lower-integrity subjects from indirectly influencing higher-integrity subjects through invocation.
Applications
- The Biba Integrity Model is widely used in environments where data integrity is critical, such as financial systems, medical records systems, and any context where the accuracy and reliability of data are paramount.
- It forms the basis for various security policies and is implemented in secure operating systems and database management systems to ensure that data modifications are authorized and trustworthy.
By enforcing strict integrity controls based on integrity levels, the Biba Model helps to prevent unauthorized data modification, ensuring that the information remains accurate, reliable, and trustworthy.