Notes - Computer Security MT24, Clark-Wilson model


Flashcards

Is the Clark-Wilson model concerned primarily with confidentiality or integrity?


Integrity.

What are the four goals of integrity?


  • Prevent data modification by unauthorised parties
  • Prevent unauthorised data modification by authorised parties
  • Must reflect the real world (e.g. if a product is sold, it must be marked as sold on the system)
  • Maintains internal and external consistency

What are the differences between internal and external consistency, and how is each enforced?


  • Internal consistency: The computer system is consistent, e.g. the sum of stock for each item must equal the total stock. Enforced by the computer system.
  • External consistency: The computer system accurately reflects the external world, e.g. if a product is sold then the computer system should reflect this. Enforced by audits.

In the context of the Clark-Wilson model, what is the idea of a well-formed transaction?


Where data is only manipulated by a specific set of programs.

In the Bell-LaPadula model, access control is determined by a triples in $\mathcal S \times \mathcal O \times \mathcal P$, where a subject can access an object with a given permission.

How does the Clark-Wilson model differ, and how does this help enforce integrity?


Access control is determined by triples of:

  • Subjects
  • Program access
  • Object

A subject can modify a data item using a particular program.

It helps enforce integrity since only valid operations can be performed on objects (“well-formed transactions”).

In the context of the Clark-Wilson model, what is meant by the separation of duties?


Different people develop, test, certify and operate the system.

Apart from requiring subjects to access objects through well-formed transactions via programs, what else does the Clark-Wilson model require in order to enforce system integrity?


The maintenance of audit logs.




Related posts