Biba and Bell-LaPadula Transcription

Welcome to our security models module. In this module, we'll discuss the Bell-LaPadula and the Biba Models. The Bell-LaPadula model is a confidentiality model that's concerned with keeping sensitive data secure. It's an older Department of Defense model. It's very inflexible and formal and it's a state transition model that describes MAC, or mandatory access control rules.

We use security labels on objects and clearances for subjects. For example, we can have a piece of top secret data, and we can have users with top secret clearance, users with secret clearance. And users with no clearance and they're only allowed to access unclassified data. It was originally defined by the Department of Defense in the TCSEC, which is the Trusted Computer System Evaluation Criteria.

With this model all of our objects must be labeled from the most sensitive, or top secret down to the least sensitive, or public. We divide our systems into users and labeled objects, and it's important that all of the objects have a label for the system to work properly.

And this is considered a state machine. We have a set of allowable system states. We preserve the security of our information even as the system moves from one state to another using the information flow model. And it applies to the confidentiality or secrecy of information. We're not concerned with this model with the integrity of information, this is a confidentiality model.

We have a couple of properties that are used in this model. The star property prevents anyone from writing down to a level below them. This prevents subjects with top secret clearance for example from writing that information into the secret or public area. They don't want anyone to be able to copy information and paste it into a lower level because that would allow leakage.

We also have this simple security property which prohibits reading up for confidentiality. So a user who has secret clearance is not permitted to read anything above that level, such as a top secret level. And it uses an access matrix of subjects and the objects with their labels to determine which subjects are permitted to access which objects.

And this is why we refer to this as a discretionary model. This slide gives us a visual representation of the Bell–LaPadula Model. Remember that the user is restricted from reading up and the user is restricted from writing down. We don't want them to steal secrets. So we do not allow them to read up to a higher level.

And we don't want them to divulge secrets to other unauthorized users, so we prevent them from writing down. If we look all the way to the left, this user is not permitted to read data from a layer of higher secrecy. They are permitted to read data from their layer, and they're also permitted to read data from a lower layer of secrecy.

In the middle example, you have a user who is permitted to write data to the top secret level, and to the secret level. But they're prohibited from writing data to the lower level because that could allow sensitive data to be released to individuals without clearance. And in the third example to the right, we see that this user's permitted to read or write at their level only.

But they don't have access to read or write from higher levels, or lower levels. And we refer to this as a strong star property when the user is only permitted to read and write to their exact same level of clearance. So while the Bell–LaPadula Model was based on confidentiality, the Biba Model is an integrity model.

It's concerned with data integrity to make sure that data is not modified without authorization. In the Biba model we use integrity levels, and we call those sensitivity levels in the Bell-LaPadula Model. These rules will prohibit users from making inappropriate modification of data, and prevent the corruption of data caused by introducing unreliable information.

We have an authentication process that prevents unauthorized users from making modifications. And we use mandatory access controls here, as well as a lattice model, and we have controls in place here that are slightly different than those we covered with the Bell-LaPadula model. Here we have a no write up policy, and a no read down policy.

So we do not allow subjects to read objects from a lesser integrity level or trust level. And we also do not permit them to write data from a lower level of trust or integrity to a higher level. So the users are prohibited from WURD, which stands for write up/read down.

And we also have the invocation property with the Biba model, and the invocation property means that users can't request any services from an object with a higher integrity level. Meaning that if you have a secret classification you're not allowed to request anything from a top secret user because that's above your classification level.

So here we have a graphical representation of the Biba Model. Keep in mind, with the Biba Model, we are not permitting our users to write up to a higher level than they are authorized, and we are not allowing them to read from a lower level than they are authorized to.

So on the left here, our user's permitted to read from their level as well as a higher level of accuracy, but they're not allowed to access any information at the lower level of secrecy. And over to the right, when we're writing, our user's permitted to write to their level or write to the level below, but they're not permitted to write any data to the higher level.

This concludes our Security Models module. Thank you for watching.
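The read and write rules described in this module, written as a small reference monitor. This is an added example, not part of the original lecture; the three-level lattice, the function names and the `possible_flows` helper are assumptions made for illustration. The helper goes one step beyond the slides by listing every path along which data can move when a subject reads one object and writes another, which shows that Bell-LaPadula only lets information flow upward in secrecy while Biba only lets it flow downward in integrity.

```python
from enum import IntEnum
from itertools import product

class Level(IntEnum):
    # Constructed lattice: sensitivity labels for Bell-LaPadula,
    # reused as integrity levels for Biba.
    PUBLIC = 0
    SECRET = 1
    TOP_SECRET = 2

def blp_allows(subject, obj, op, strong_star=False):
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    if strong_star:
        # Strong star property: read and write at the subject's own level only.
        if op in ("read", "write"):
            return subject == obj
    elif op == "read":
        return subject >= obj      # simple security property
    elif op == "write":
        return subject <= obj      # star property
    raise ValueError(f"unknown operation: {op}")

def biba_allows(subject, obj, op):
    """Biba (integrity): no read down, no write up, no invocation upward."""
    if op == "read":
        return subject <= obj      # never consume lower-integrity data
    if op in ("write", "invoke"):
        return subject >= obj      # never modify or call higher integrity
    raise ValueError(f"unknown operation: {op}")

def possible_flows(allows):
    """All (src, dst) pairs where some subject may read src and write dst."""
    return {(src, dst)
            for subj, src, dst in product(Level, repeat=3)
            if allows(subj, src, "read") and allows(subj, dst, "write")}

if __name__ == "__main__":
    for name, allows in (("Bell-LaPadula", blp_allows), ("Biba", biba_allows)):
        print(name)
        for src, dst in sorted(possible_flows(allows)):
            print(f"  data may move {src.name} -> {dst.name}")
```
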
