Applying The Biba Integrity Model to Evidence Management

  • Kweku Arthur
  • Martin Olivier
  • Hein Venter
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 242)


This paper describes the design of an integrity-aware Forensic Evidence Management System (FEMS). The well-known Biba integrity model is employed to preserve and reason about the integrity of stored evidence. Casey’s certainty scale provides the integrity classification scheme needed to apply the Biba model. The paper also discusses the benefits of using an integrity-aware system for managing digital evidence.


Keywords: Evidence management, Biba integrity model, Casey’s certainty scale



Copyright information

© International Federation for Information Processing 2007

Authors and Affiliations

  • Kweku Arthur
  • Martin Olivier (1)
  • Hein Venter (2)

  1. Computer Science at the University of Pretoria, Pretoria, South Africa
  2. Department of Computer Science, University of Pretoria, Pretoria, South Africa
