It uses a state machine model and is very similar to the Bell-LaPadula model. Biba addresses data integrity under threat when subjects at lower integrity levels are able to write to objects at higher integrity levels and when subjects can read data at lower levels. When implemented and enforced correctly, the Biba model prevents data of any integrity level from flowing to a higher integrity level. Biba has two main rules to provide this type of protection. The first rule, called "no write up", states that a subject cannot write data to an object with a higher integrity level. The second rule, called “no read down”, states that a subject cannot read data with a lower integrity level. This second rule might seem a little silly, but it protects the subject and data at a higher integrity level from corruption of data at a lower integrity level (Whitman,