Dynamic enforcement of the Strict integrity policy

The Strict integrity policy (SIP) in Biba's integrity model is widely used in protecting information integrity, but the static integrity labels of both subjects and objects increase compatibility cost of applications and might prevent some operations that are indeed harmless. In order to improve compatibility, Dynamic enforcement of the Strict integrity policy (DESIP) is put forward. The current integrity label attribute of a subject in SIP is replaced with two attributes in DESIP, which are used to confine dynamically the range of objects a subject could be allowed to access. The new rules of access control in DESIP are given for each kind of access mode (observe, modify and invoke) together with the proofs of their validity. Comparison between SIP and DESIP shows that after a sequence of operations, a subject controlled by DESIP tends to behave in a similar way as it is controlled by SIP and DESIP is more compatible than SIP.