
| Subject: | Re: [CISSP-D] Fw: Two questions about Security Models and Architecture in All-In-One |
|---|---|
| Date: | Thu, 18 Nov 2004 02:31:12 -0000 |

The previous post is correct. Below is an expanded explanation you may find useful.

BLP is a confidentiality model. This is also called a security model. (Yes, security typically means CIA but not in this case - just go with it.)

Confidentiality is achieved by 1) not allowing secret users to read Top Secret files. This is referred to as "no read up". That is the simple part and thus this is referred to as the: simple_security_rule.

Confidentiality is ensured by 2) not allowing Top Secret processes to write to Secret files. Within a computer system we cannot always trust the programs running on our behalf. For example, there may be a TH running at the Top Secret level that will attempt to write TS information to a Secret file (without the TS user knowing it). This clearly must be stopped and is referred to as "no write down". But it was not so obvious when this was first discussed. In fact they had a hard time coming up with a name for this rule and called it the *-property of security. Literally, a paper was published with an asterisk holding the place of the name to be applied to the rule. This has become known as the "star-property" of security and later as the confinement property of security (someone finally thought of a good name).

Biba is an integrity model.

Integrity is achieved by 1) not allowing High Integrity users to read Low Integrity files. This is referred to as "no read down". That is the simple part and thus this is referred to as the: simple_integrity_rule.

Integrity is ensured by 2) not allowing Low Integrity processes to write into High Integrity files. This is referred to as "no read down". Echoing the BLP use of the simple and "*" properties, the Biba model called this rule the *-property of integrity, also referred to as the "star-property" of integrity or confinement property of integrity.

BTW: Some people call properties axioms, so you can add simple_security axiom, star_security_axiom, simple_integrity_axiom, and confinement_integrity_axiom to your list as well.

Here's a trick to remember this stuff:

1) BLP = security; Biba = integrity
2) "reading is easy"

The second trick refers to the fact that the "simple" rule in each of the models has "read" in it. BLP simple: no read up; Biba simple: no read down.
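
The four rules from the message above, written as access checks. This is an added example, not part of the original post; the `Label`, `Conf`, `Integ` names, the two-level lattices and the sample subject and object are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Conf(IntEnum):    # confidentiality levels, low to high
    SECRET = 1
    TOP_SECRET = 2

class Integ(IntEnum):   # integrity levels, low to high
    LOW = 1
    HIGH = 2

@dataclass(frozen=True)
class Label:            # hypothetical label attached to a subject or object
    name: str
    conf: Conf
    integ: Integ

def blp_allows(subj, obj, op):
    """Bell-LaPadula (confidentiality)."""
    if op == "read":    # simple security rule: no read up
        return subj.conf >= obj.conf
    if op == "write":   # *-property of security: no write down
        return subj.conf <= obj.conf
    raise ValueError(f"unknown operation: {op}")

def biba_allows(subj, obj, op):
    """Biba (integrity): same shape as BLP with the comparisons mirrored."""
    if op == "read":    # simple integrity rule: no read down
        return subj.integ <= obj.integ
    if op == "write":   # *-property of integrity: low cannot write into high
        return subj.integ >= obj.integ
    raise ValueError(f"unknown operation: {op}")

def decide(subj, obj, op):
    """Apply both models; return (allowed, list of violated rules)."""
    rule = "simple rule" if op == "read" else "*-property"
    violated = []
    if not blp_allows(subj, obj, op):
        violated.append(f"BLP {rule}")
    if not biba_allows(subj, obj, op):
        violated.append(f"Biba {rule}")
    return (not violated, violated)

# Constructed sample: an untrusted process running at Top Secret, and a Secret file
ts_process = Label("ts_process", Conf.TOP_SECRET, Integ.LOW)
secret_file = Label("secret_file", Conf.SECRET, Integ.HIGH)

if __name__ == "__main__":
    for op in ("read", "write"):
        print(ts_process.name, op, secret_file.name, decide(ts_process, secret_file, op))
```

The Top Secret process may read the Secret file, but its write is refused by both models: it would leak Top Secret data downward and let a low-integrity process modify a high-integrity file.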