As an analog of confidentiality labels, integrity labels in the Biba model are assigned according to
which of the following rules?
A.
Objects are assigned integrity labels according to their trustworthiness; subjects are assigned
classes according to the harm that would be done if the data were modified improperly.
B.
Objects are assigned integrity labels identical to the corresponding confidentiality labels.
C.
Integrity labels are assigned according to the harm that would occur from unauthorized disclosure
of the information.
D.
Subjects are assigned classes according to their trustworthiness; objects are assigned integrity
labels according to the harm that would be done if the data were modified improperly.
Explanation:
As subjects in the world of confidentiality are assigned clearances related to their trustworthiness,
subjects in the Biba model are assigned to integrity classes that are indicative of their
trustworthiness. Also, in the context of confidentiality, objects are assigned classifications related to
the amount of harm that would be caused by unauthorized disclosure of the object. Similarly, in the
integrity model, objects are assigned to classes related to the amount of harm that would be caused
by the improper modification of the object. Answer a is incorrect since integrity properties and
confidentiality properties are opposites. For example, in the Bell- LaPadula model, there is no
prohibition against a subject at one classification reading information from a lower level ofconfidentiality. However, when maintenance of the integrity of data is the objective, reading of
information from a lower level of integrity by a subject at a higher level of integrity risks
contaminating data at the higher level of integrity. Thus, the simple and * -properties in the Biba
model are complements of the corresponding properties in the Bell-LaPadula model. Recall that the
Simple Integrity Property states that a subject at one level of integrity is not permitted to observe
(read) an object of a lower integrity (no read down). Also, the *- Integrity Property states that an
object at one level of integrity is not permitted to modify (write to) an object of a higher level of
integrity (no write up). * Answer “Objects are assigned integrity labels according to their
trustworthiness; subjects are assigned classes according to the harm that would be done if the data
were modified improperly” is incorrect since the words object and subject are interchanged. * In
answer “Integrity labels are assigned according to the harm that would occur from unauthorized
disclosure of the information”, unauthorized disclosure refers to confidentiality and not to integrity.