The Clark-Wilson model addresses integrity, but not confidentiality or availability.
It approaches integrity protection differently than the Biba model: it uses a three-part relationship, whereas the Biba model uses the lattice method.
The three-part relationship is composed of:
- Subjects
- Programs
- Objects
Objects may only be accessed through programs, eliminating direct access by the subject.
To further protect integrity, the Clark-Wilson model utilizes the following two principles:
- Well-formed transactions
- Separation of duties
In our three-part relationship, programs take the part of well-formed transactions, and a subject is required to use a program to access an object.
The programs in use have limits on what they can and cannot do to an object. This limits the subject's ability to change objects.
The principle of 'separation of duties' states that no single individual may perform a critical function. Critical functions must be separated into two or more parts, and two different subjects are required to modify an object.
This prevents unauthorized modifications to objects.
The Clark-Wilson model requires auditing of object access and changes, both internally and externally, to guarantee integrity.
This categorizes the Clark-Wilson model as a 'restricted interface model'. (Classification-based restrictions only offer subject-specific authorized information and functions.)
Simply put, this means that a subject at one level may see and access data at one level, but a subject at another level will see a different set of data and have access only to that data.
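The following sketch is an added example, not part of the original notes. It shows the three-part relationship enforced in code: subjects reach the object only through programs, a second and different subject must complete the critical function, and every attempt is audited. The ledger, the subject names and the two payment programs are hypothetical.

```python
from dataclasses import dataclass, field

class IntegrityError(Exception):
    pass

@dataclass
class Ledger:  # the protected object (constructed sample)
    balance: int
    pending: dict = field(default_factory=dict)  # pay_id -> (amount, requester)

# Programs: the only code allowed to change a Ledger. Each one refuses a
# change that would leave the object in an invalid state.
def request_payment(subject, ledger, pay_id, amount):
    if amount <= 0 or amount > ledger.balance:
        raise IntegrityError("amount out of range")
    ledger.pending[pay_id] = (amount, subject)

def approve_payment(subject, ledger, pay_id):
    amount, requester = ledger.pending[pay_id]
    if subject == requester:  # separation of duties: a different subject
        raise IntegrityError("requester cannot approve own payment")
    del ledger.pending[pay_id]
    ledger.balance -= amount

PROGRAMS = {"request_payment": request_payment, "approve_payment": approve_payment}
OBJECTS = {"ledger": Ledger(balance=1000)}
# The three-part relationship: allowed (subject, program, object) combinations.
TRIPLES = {("alice", "request_payment", "ledger"),
           ("alice", "approve_payment", "ledger"),
           ("bob", "approve_payment", "ledger")}
AUDIT = []  # every attempt is recorded, allowed or denied

def run(subject, program, obj, *args):
    """Single entry point: subjects never touch OBJECTS directly."""
    try:
        if (subject, program, obj) not in TRIPLES:
            raise IntegrityError("no triple for this subject/program/object")
        PROGRAMS[program](subject, OBJECTS[obj], *args)
        outcome = "ok"
    except (IntegrityError, KeyError) as exc:
        outcome = f"denied: {exc}"
    AUDIT.append((subject, program, obj, args, outcome))
    return outcome

def demo():
    return [run("carol", "request_payment", "ledger", "p1", 100),  # no triple
            run("alice", "request_payment", "ledger", "p1", 100),
            run("alice", "approve_payment", "ledger", "p1"),       # same subject
            run("bob", "approve_payment", "ledger", "p1")]
```

Calling `demo()` returns one outcome per attempt; the `AUDIT` list holds the matching record for each, including the two denials.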
Copyright ©2002-2006 Testbusters.net. All Rights Reserved.