文档介绍：Chapter6:IntegrityPoliciesOverviewRequirementsBiba’smodelsLipner’smodelClark-WilsonmodelJune1,puterSecurity:ArtandScienceOverviewRequirementsVerydifferentthanconfidentialitypoliciesBiba’smodelsLow-Water-MarkpolicyRingpolicyStrictIntegritypolicyLipner’binesBell-LaPadula,BibaClark-WilsonmodelJune1,puterSecurity:ArtandScienceRequirementsofPoliciesUserswillnotwritetheirownprograms,-productionsystem;esstoactualdata,theywillbegivenproductiondataviaaspecialprocess,,puterSecurity:ArtandScienceBibaIntegrityModelBasisforall3models:SetofsubjectsS,objectsO,integritylevelsI,relation≤IIholdingwhenseconddominatesfirstmin:IIIreturnslesserofintegritylevelsi:SOIgivesintegritylevelofentityr:SOmeanssScanreadoOw,xdefinedsimilarlyJune1,puterSecurity:ArtandScienceIntuitionforIntegrityLevelsThehigherthelevel,urateand/orreliableNoterelationshipbetweenintegrityandtrustworthinessImportantpoint:integritylevelsarenotsecuritylevelsJune1,puterSecurity:ArtandScienceInformationTransferPathAninformationtransferpathisasequenceofobjectso1,...,on+1andcorrespondingsequenceofsubjectss1,...,snsuchthatsiroiandsiwoi+1foralli,1≤i≤:informationcanflowfromo1toon+essivereadsandwritesJune1,puterSecurity:ArtandScienceLow-Water-MarkPolicyIdea:whensreadso,i(s)=min(i(s),i(o));scanonlywriteobjectsatlowerlevelsRulessScanwritetooOifandonlyifi(o)≤i(s).IfsSreadsoO,theni(s)=min(i(s),i(o)),wherei(s)isthesubject’Scanexecutes2Sifandonlyifi(s2)≤i(s1).June1,puterSecurity:ArtandScienceInformationFlowandModelIfthereisinformationtransferpathfromo1Otoon+1O,enforcementoflow-water-markpolicyrequiresi(on+1)≤i(o1)foralln>:Assumeinfor