Notes - Computer Security MT24, Clark-Wilson model
Flashcards
Is the Clark-Wilson model concerned primarily with confidentiality or integrity?
Integrity.
What are the four goals of integrity?
- Prevent data modification by unauthorised parties
- Prevent unauthorised data modification by authorised parties
- Must reflect the real world (e.g. if a product is sold, it must be marked as sold on the system)
- Maintains internal and external consistency
What are the differences between internal and external consistency, and how is each enforced?
- Internal consistency: The computer system is consistent, e.g. the sum of stock for each item must equal the total stock. Enforced by the computer system.
- External consistency: The computer system accurately reflects the external world, e.g. if a product is sold then the computer system should reflect this. Enforced by audits.
In the context of the Clark-Wilson model, what is the idea of a well-formed transaction?
Where data is only manipulated by a specific set of programs.
In the Bell-LaPadula model, access control is determined by a triples in $\mathcal S \times \mathcal O \times \mathcal P$, where a subject can access an object with a given permission.
How does the Clark-Wilson model differ, and how does this help enforce integrity?
Access control is determined by triples of:
- Subjects
- Program access
- Object
A subject can modify a data item using a particular program.
It helps enforce integrity since only valid operations can be performed on objects (“well-formed transactions”).
In the context of the Clark-Wilson model, what is meant by the separation of duties?
Different people develop, test, certify and operate the system.
Apart from requiring subjects to access objects through well-formed transactions via programs, what else does the Clark-Wilson model require in order to enforce system integrity?
The maintenance of audit logs.