Which access control model states that for integrity to be maintained data must not flow from a
receptacle of given integrity to a receptacle of higher integrity?
A.
Lattice Model
B.
Bell-LaPadula Model
C.
Biba Model
D.
Take-Grant Model
Explanation:
If implemented and enforced properly, the Biba model prevents data from any integrity level from
flowing to a higher integrity level. – Shon Harris All-in-one CISSP Certification Guide pg 244