The Lipner Model (Integrity Matrix Policy)

Question 1

What is the purpose of the Lipner model?

Answer 1

The Lipner model tries to include both integrity and confidentiality in one model. This is achieved through combining the Bell-LaPadula and Biba models.

Question 2

What are the confidentiality categories and levels in the Lipner model?

Answer 2

The confidentiality categories are:
1. Production (SP) - system audit and management functions.

2. Development (SD) - program under development.
3. System Development (SSD) - system program under development

The confidentiality levels are:
1. Audit Manager (AM) (high) - for system audit and management functions.

2. System low (SL) (low) - any other process.

Question 3

What are the integrity categories and levels in the Lipner model?

Answer 3

The integrity categories are:
1. Development (ID) - development entities.

2. Production (IP) - production entities.

The integrity levels are:
1. System Program (ISP) (high) - for system programs.

2. Operational (IO) (low) - for production and development programs.
3. System Low (ISL) - user level

Question 4

Can ordinary users read and modify production data and code?

Answer 4

An ordinary user will have the confidentiality category Production (SP) with the confidentiality level System Low (SL), and the integrity category Production (IP) and integrity level System Low (ISL). Ordinary users need access to production to do simple tasks.

Production code has the confidentiality clearance Production and level System Low. The integrity category is Production IP, but its clearance is Operational (IO) which is above System Low. Therefore, an ordinary user cannot read or modify production code.

Production data has the same confidentiality and integrity categories as an ordinary user. Therefore, ordinary users can read and modify production data.