SSCP Exam Question: Access Control Model for Data Integrity

Data Integrity and Separation of Duties: SSCP Exam Answer

Prev Question Next Question

Question

Which access control model achieves data integrity through well-formed transactions and separation of duties?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

A.

The Clark-Wilson model differs from other models that are subject- and object- oriented by introducing a third access element programs resulting in what is called an access triple, which prevents unauthorized users from modifying data or programs.

The Biba model uses objects and subjects and addresses integrity based on a hierarchical lattice of integrity levels.

The non-interference model is related to the information flow model with restrictions on the information flow.

The Sutherland model approaches integrity by focusing on the problem of inference.

Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 2: Access Control Systems and Methodology (page 12)

And: KRAUSE, Micki & TIPTON, Harold.

F., Handbook of Information Security Management, CRC Press, 1997, Domain 1: Access Control.

The access control models are designed to maintain data security by ensuring that only authorized personnel have access to data and system resources. Each model has a different set of rules and requirements for access control.

Out of the options given, the access control model that achieves data integrity through well-formed transactions and separation of duties is the Clark-Wilson model (Option A).

The Clark-Wilson model is a well-known access control model that is primarily focused on maintaining data integrity. It works by ensuring that all transactions are executed in a controlled manner to prevent unauthorized access to data. This is achieved by separating duties among different users, such that each user can only perform the tasks that are assigned to them.

In the Clark-Wilson model, there are three key components:

  1. The Constrained Data Item (CDI) - This is the data that is being protected. It is subject to a set of rules that ensure its integrity.

  2. The Transformation Procedures (TP) - These are the procedures that can be used to modify the CDI. They are carefully designed to ensure that the integrity of the CDI is maintained.

  3. The Integrity Verification Procedures (IVP) - These procedures are used to verify that the TP has been performed correctly and that the CDI's integrity has been maintained.

Separation of duties is an important feature of the Clark-Wilson model. This means that different users are responsible for different parts of the data management process, which reduces the risk of errors or malicious actions. For example, one user might be responsible for entering data, while another user might be responsible for verifying that the data is accurate.

In conclusion, the Clark-Wilson model achieves data integrity through well-formed transactions and separation of duties.