Windows Vista IE7 Implements Biba Model
According to the 2 rules of Biba Integrity Model –
- Simple Security Axiom – A subject at a particular integrity level must not be able to read from an object of a lower integrity level. i.e. "No Read Down".
- Star Property Axiom – A subject at a particular level of integrity must not be able to write on to an object of higher integrity level. i.e. "No Write Up".
Keeping the integrity level of IE7 (Protected Mode) at low
makes sure that any thread started by IE 7 will bear the same integrity level and thus would not be able to write to any folder/application in the system, which is at a higher integrity level (Star Property Axiom). Therefore the only folders where IE7 based programs can write into are the following, as they are assigned the same integrity level as IE7:
- Temporary Internet Files
- Recycle Bin
- Various Registry keys, including ones under :
On the other hand, in case you might need to save a file downloaded through IE7 on the disk on a folder like "My Documents" or c: drive, the application warns the user and informs him that this will require elevating the privileges to save the file on an alternate location. Also, in case it’s a .exe file that needs to be installed, IE 7 prompts for further elevation of privileges by asking for admin privilege password.