The University of SydneyPage 40Biba Model–The Bell La Padulaequivalent for integrity–Two security properties –dual of BLP1. Simple integrity: Subject S can read object O only if Is(Integrity level of S) less than or qual to Io (Integrity level of O).•If a subject can modify an object, then the integrity level of the subject must be higher than the integrity level of the object•No Read Down–Does this makessense? E.g.Company CEO at Top Secret Integrity level cannot read unclassified info.–It is protecting the subject and data at a higher integrity level from being corrupted by data in a lower integrity level.