Differences between Bell-LaPadula and Biba Model
|
Aspect |
Bell-LaPadula Model |
Biba Model |
|
Primary Goal |
Data Confidentiality – prevent unauthorized disclosure of information |
Data Integrity – prevent unauthorized modification of data |
|
Main Use Case |
Military, defense, and classified environments |
Financial systems, healthcare records, and industrial control systems |
|
"No Read" Rule |
No Read Up (Simple Security Property): users can’t read data at higher classification levels |
No Read Down: users can’t read data from lower integrity levels |
|
"No Write" Rule |
No Write Down (*-Property): users can’t write to lower classification levels |
No Write Up: users can’t write to higher integrity levels |
|
Trust Model |
Lower-level users are not trusted to access higher-level secrets |
Lower-level data is not trusted to influence higher-integrity processes |
|
Access Focus |
Who can see the data |
Who can change the data |
Statlearner
Statlearner