BTG-BIBA: A Flexibility-Enhanced Biba Model
Using BTG Strategies for Operating System
Gang Liu, Can Wang, Runnan Zhang, Quan Wang, Huimin Song, Shaomin Ji
Abstract—The Biba model can protect information integrity but might
deny various non-malicious access requests of the subjects, thereby
decreasing the availability of the system. Therefore, a mechanism that
allows exceptional access control is needed. Break the Glass (BTG)
strategies are an efficient means of extending the access rights of
users in exceptional cases. These strategies help to prevent a system
from stagnation. An approach is presented in this work for integrating
Break the Glass strategies into the Biba model. This research proposes
a model, BTG-Biba, which provides both an original Biba model used
in normal situations and a mechanism used in emergency situations.
The proposed model is context aware, can implement a fine-grained
type of access control and primarily solves cross-domain access
problems. Finally, the flexibility and availability improvement with
the use of the proposed model is illustrated.
Keywords—Biba model, break the glass, context, cross-domain,
fine-grained.
I. INTRODUCTION
WITH the continuous development of modern
information technology, information security problems
have been increasingly attracting attention. Information
security mainly rests on confidentiality, integrity and
availability. To ensure the safety of information, a system
must provide effective access control [1].
Researchers have proposed a variety of access control
models for protecting different aspects of information security,
such as Bell-LaPadula (BLP) [2] for confidentiality, Biba [3]
and Clark Wilson [4] for integrity and Role-based Access
Control (RBAC) [5] for security and integrity [6]. Information
integrity is typically defined in terms of preventing improper
or unauthorized change and aims to maintain data consistency
[7]. There are several research works on integrity protection
such as [8], which proposes a new model, Integrity-OrBAC, to
preserve critical infrastructure integrity. Reference [9] provides
a review of the prevalent data integrity models, evaluation
mechanisms and integrity centric implementations.
Can Wang is with the Department School of Computer Science and
Technology, XIDIAN University, No. 2 Taibai South Road, Xi’an, China,
710071 (e-mail: gliu
xd@163.com).
Gang Liu, Runnan Zhang, Quan Wang, Huimin Song and Shaomin Ji are
with XIDIAN University.
The Biba model is the earliest multi-level security integrity
model with the MAC (mandatory access control) [10]
framework. Mainstream operating-system vendors did not
adopt the Access-Control Frameworks until the early 2000s
with the MAC Framework on FreeBSD [11] and shortly after,
Linux Security Modules (LSM) [12]. The MAC Framework
appeared in 2003 and FreeBSD 8.0 in 2009 included the
framework as a production feature, compiled into the default
kernel [13]. The system is classified into several integrity
levels. Each subject and object is assigned an integrity
level. Biba proposed five policies and strictly formalized
the definitions of the policies. One of the policies is the
mathematical dual of the BLP model [2] called the strict
integrity policy (SIP) [3]. This policy is very strict, so it
is difficult for the SIP to meet system flexibility needs; it
has not been widely implemented. In order to solve the
model flexibility problem, various improved models have
been proposed. To a certain extent, dynamic enforcement of
the strict integrity policy (DESIP) proposed in [14] solves
the problem that some non-malicious access requirements
may be unable to obtain adequate access permission. The
concepts of check domain and subject with privilege are
advanced in [15]; a method is introduced to dynamically
change the security label in the check domain to solve
the contradiction of BLP and Biba. However, this check is
time-consuming and is not necessarily guaranteed in real-time.
An improved SIP with dynamic characteristics is presented
in [16], which can increase software compatibility while
keeping the integrity and SIP intact. Reference [17] proposes a
model that enhances the data integrity. The proposed model is
based on the Biba integrity model but uses more elaborate
integrity measurements. An improved model based on the
low-water-mark policy is proposed in [18], which reduces the
integrity level decline rate, prolongs the system life cycle and
enhances the system availability.
For traditional access control models, there is typically the
assumption that access permissions are known in advance
and that rules have been set up correctly. However, in real
situations, errors are made and unanticipated or emergency
situations may occur [19], [20]. The improved Biba [3] models
above do not handle fine-grained control or
flexibility control well. Motivated by disaster management use
cases, break-glass strategies were introduced as one approach
for resolving these problems [21].
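As an added illustration (not code from the paper), a minimal Python sketch of the idea this introduction describes: strict integrity policy checks in normal mode, with a break-glass path that opens only when an emergency flag is set. The class name, decision strings, the boolean `emergency` flag, the required `reason`, and reading the single-subject/single-object rule as one open grant at a time are assumptions of this sketch, not the paper's formal definitions.

```python
from dataclasses import dataclass, field

@dataclass
class BtgBibaMonitor:
    levels: dict               # name -> integrity level, higher = more trusted
    emergency: bool = False    # system state variable (assumed to be a flag)
    grant: tuple = None        # the single (subject, object, op) open under BTG
    audit: list = field(default_factory=list)

    def sip_allows(self, subj, obj, op):
        """Strict integrity policy: no read down, no write up."""
        if op == "read":
            return self.levels[subj] <= self.levels[obj]
        if op == "write":
            return self.levels[obj] <= self.levels[subj]
        return False

    def request(self, subj, obj, op, break_glass=False, reason=""):
        if self.sip_allows(subj, obj, op):
            decision = "ALLOW"                  # normal mode: plain Biba
        elif not break_glass:
            decision = "DENY"
        elif not self.emergency:
            decision = "DENY_NOT_EMERGENCY"     # BTG only opens in an emergency
        elif not reason:
            decision = "DENY_NO_REASON"         # accountability: justify override
        elif self.grant not in (None, (subj, obj, op)):
            decision = "DENY_GRANT_IN_USE"      # one subject, one object at a time
        else:
            self.grant = (subj, obj, op)
            decision = "ALLOW_BTG"
        self.audit.append((subj, obj, op, decision, reason))  # log every decision
        return decision

    def end_emergency(self):
        self.emergency, self.grant = False, None

def demo():
    # Constructed sample labels, not taken from the paper.
    m = BtgBibaMonitor({"operator": 1, "intern": 1, "config_db": 3})
    out = [m.request("operator", "config_db", "read"),      # read up
           m.request("operator", "config_db", "write"),     # write up
           m.request("operator", "config_db", "write", True, "disk failing")]
    m.emergency = True
    out.append(m.request("operator", "config_db", "write", True, "disk failing"))
    out.append(m.request("intern", "config_db", "write", True, "me too"))
    m.end_emergency()
    out.append(m.request("operator", "config_db", "write", True, "disk failing"))
    return out, m.audit
```

Every request, allowed or denied, lands in `audit`, so an override granted during the emergency can be reviewed afterwards.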
There are many existing problems in the Biba model, such
as integrity level assignments, the lack of fine-grained control
and context-sensitivity. Considering the defects of Biba, the
BTG-Biba model is proposed in this work that integrates Break
the Glass (BTG) strategies [22] into the Biba model. In this
paper, following the principles of BTG, such as governance,
accessibility, awareness and accountability, BTG-Biba can
maintain the regular access operations that are allowed in
Biba and, by detecting the system state variable, open the
BTG mode in an emergency situation to solve the irregular
access problem. All access operations under emergency mode
must obey the rule that only a single subject can have a request
to access a single object. By monitor of the audit, all the
World Academy of Science, Engineering and Technology
International Journal of Computer and Information Engineering
Vol:11, No:6, 2017
766 International Scholarly and Scientific Research & Innovation 11(6) 2017 scholar.waset.org/1307-6892/10007355
International Science Index, Computer and Information Engineering Vol:11, No:6, 2017 waset.org/Publication/10007355