Follow our Telegram channel to get notified instantly whenever new books are published.
Information Security 360 – Jitendra Tripathi

The two core properties of the Bell-LaPadula model that ensure confidentiality are the Simple Security Property (no read up) and the Star Property (no write down). The Simple Security Property dictates that users cannot read information classified at a higher security level than their own clearance level. This prevents users from accessing information for which they are not authorized. The Star Property prevents subjects from writing information to objects at lower classification levels.
This prevents higher security classification information from being inadvertently or maliciously leaked through lower classification channels. The model also supports DAC through the Discretionary Security Property, where access control is enforced through an access matrix that allows some level of DAC. Biba model The Biba model is a complementary model to Bell-LaPadula and addresses data integrity issues. It is designed to protect the accuracy and reliability of information by preventing data corruption due to errors or malicious intent.
The Biba model finds application in financial systems, safety-critical controls, and data processing systems where information integrity is paramount. The Biba model defines two primary integrity properties that complement the confidentiality properties of the Bell-LaPadula model. These are the Simple Integrity Property (no write-up) and the Integrity Star Property (no read-down). The Simple Integrity Property prevents subjects from modifying objects at higher-integrity levels than their own. This ensures that higher-integrity information cannot be corrupted by a less trustworthy subject. The Integrity Star Property dictates that a subject at a specific integrity level cannot read an object of lower integrity.
This property prevents higher-integrity subjects from being contaminated by low-integrity data, thus protecting subjects from being influenced by potentially unreliable or corrupted information. There is a third property called the Invocation Property, which ensures that a process from a lower integrity level cannot request higher access and can interact only with subjects at an equal or lower integrity level.
All Rights Reserved. No part of this publication may be reproduced, distributed or transmitted in any form or by any means or stored in a database or retrieval system, without the prior written permission of the publisher with the exception to the program listings which may be entered, stored and executed in a computer system, but they can not be reproduced by the means of publication, photocopy, recording, or by any electronic and mechanical means.
LIMITS OF LIABILITY AND DISCLAIMER OF WARRANTY The information contained in this book is true and correct to the best of author’s and publisher’s knowledge. The author has made every effort to ensure the accuracy of these publications, but the publisher cannot be held responsible for any loss or damage arising from any information in this book. All trademarks referred to in the book are acknowledged as properties of their respective owners but BPB Publications cannot guarantee the accuracy of this information.
www.bpbonline.com OceanofPDF.com Dedicated to My parents and my beloved wife, Priti OceanofPDF.com About the Author Jitendra Tripathi is an experienced information security professional with over 35 years of expertise in communications and cybersecurity. He has played a key role in securing critical communications networks and information systems and has led security operations for large, mission- critical environments. His experience spans key areas of information security, including security governance, risk management, and security operations. He currently leads cybersecurity operations at Reliance Jio. Complementing his extensive industry experience with distinguished academic credentials, he holds a master of engineering in telecommunication engineering from the Indian Institute of Sciences (IISc), Bengaluru, India, and possesses globally recognized certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and Certified Chief Information Security Officer (CCISO).
His work reflects a practical, real- world approach to information security, combining strategic insight with operational depth. OceanofPDF.com About the Reviewers ❖ Sandeep Dommari is a recognized expert in identity-first cybersecurity and enterprise architecture, with over two decades of experience securing critical infrastructure for the public sector and global enterprises.
This is a short excerpt from the opening of “” by Unknown, quoted for review and introduction purposes. All rights belong to the copyright holders.
Book Information
- Unique ID: 6a8e89a4e4adfd1e
- File Extension: .pdf
- File Size: 7,299,200 bytes (6.961 MB)
- Title: –
- Author: Unknown
- ISBN: 9789378549373
- Pages: 477
- Language: English (en)
Reading & Word Statistics
- Estimated Reading Time: 588.0 minutes
- Total Words: 117,599
- Total Characters: 846,100
- Average Words per Page: 246.54
- Average Characters per Page: 1773.79
Most Frequent Words
security (1714), data (887), access (719), information (677), systems (520), network (468), management (404), controls (400), threat (373), secure (342), control (321), application (319), cloud (304), encryption (304), authentication (298), attacks (297), applications (278), also (271), risk (265), used (261), key (256), threats (247), system (246), identity (245), audit (241), across (224), soc (221), process (218), attack (217), vulnerabilities (212), detection (206), user (206), model (197), provide (191), ensure (187), trust (177), layer (175), business (170), policies (169), environments (167), service (166), risks (163), users (162), organizations (160), software (159), integrity (158), use (157), provides (154), protection (153), monitoring (153), networks (152), governance (142), digital (142), using (142), cryptographic (141), resources (140), malicious (140), techniques (139), devices (138), organization (138), services (136), based (136), sensitive (135), protocol (132), models (131), continuous (130), compliance (129), response (129), traffic (129), endpoint (126), chapter (124), operations (122), objectives (121), following (121), critical (120), operational (120), tools (118), protocols (118), level (118), approach (117), environment (117), include (117), effective (115), between (115), analysis (114), communication (114), unauthorized (113), quantum (110), processes (109), standards (108), like (107), technologies (106), against (105), solutions (105), infrastructure (104), vulnerability (103), attackers (103), code (102), automated (102), need (102).
