The Clark-Wilson Security Model

B.

The Clark-Wilson model addresses integrity.

It incorporates mechanisms to enforce internal and external consistency, a separation of duty, and a mandatory integrity policy.

Source: KRUTZ, Ronald L.

& VINES, Russel.

D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architectures and Models (page 205).

The Clark-Wilson security model is a well-known security model used in information security that focuses on the integrity of the data being processed, stored, and transmitted. The model was developed by David Clark and David Wilson in the 1980s to address the security requirements of commercial systems that handle sensitive information.

The model is based on the concept of a separation of duties, which requires that multiple people are involved in different aspects of a security process to reduce the risk of fraud or misuse of information. The Clark-Wilson security model separates the security functions into three main components:

1. Subjects: these are the users, applications, or processes that access and manipulate the data.

2. Objects: these are the data, files, or systems that the subjects access and manipulate.

3. Transformation procedures: these are the rules or algorithms that enforce the security policies that govern how subjects can access and manipulate objects.

The model defines two key concepts for ensuring integrity:

1. Well-formed transactions: transactions must satisfy a set of well-formedness rules that ensure that the data being processed is valid and consistent with the security policies in place. This means that the data must be protected against unauthorized modification, deletion, or insertion.

2. Separation of duties: the model requires that different people or roles are involved in different aspects of a security process to reduce the risk of fraud or misuse of information. For example, a person who creates a new account should not be the same person who approves it.

Overall, the Clark-Wilson security model focuses on the integrity of the data being processed, stored, and transmitted. It aims to ensure that the data is protected against unauthorized modification, deletion, or insertion, and that the security policies in place are enforced.