INFORMATION SECURITY AND AUDIT
SOLVED PRACTICE QUESTIONS

Clark-Wilson Integrity Model

The Clark-Wilson Integrity Model is a security model designed to ensure the integrity of data in commercial and business environments. It was introduced by David D. Clark and David R. Wilson in 1987 and focuses on maintaining data integrity through well-formed transactions and separation of duties. Unlike other models that use hierarchical levels, the Clark-Wilson model emphasizes the use of transactions and controlled access to data.

  1. Well-Formed Transactions:
    • Transactions are sequences of operations that transition the system from one consistent state to another. These transactions are designed to maintain the integrity of data.
    • Only authorized and properly implemented transactions can modify data, ensuring that any changes are legitimate and controlled.
  2. Separation of Duties:
    • The model enforces separation of duties to prevent fraud and errors. No single user should have enough authority to abuse the system. Duties are divided among different roles to create checks and balances.
  3. Constrained Data Items (CDIs):
    • CDIs are data items that require integrity. They can only be modified through well-formed transactions. Examples include financial records, inventory data, and sensitive business information.
  4. Unconstrained Data Items (UDIs):
    • UDIs are data items that do not require the same level of integrity control. They can be modified by users without the same restrictions as CDIs. Examples include temporary data and user input.
  5. Integrity Verification Procedures (IVPs):
    • IVPs are procedures that check the consistency and integrity of CDIs. They ensure that the data remains in a valid state according to the defined rules.
  6. Transformation Procedures (TPs):
    • TPs are well-formed transactions that transform CDIs from one valid state to another. Only authorized TPs can modify CDIs, ensuring controlled and legitimate changes.

The model is defined in terms of a set of triples of the form:

(user, TP, {CDI set})

where the user is authorized to perform a transformation procedure (TP) on a given set of constrained data items (CDIs).

Certification and Enforcement Rules

  1. Certification Rules (C-Rules):
    • These rules are designed to ensure that TPs and IVPs are implemented correctly and effectively. They verify that the transactions and procedures maintain data integrity.
    • C1: All TPs must maintain the integrity of CDIs.
    • C2: All IVPs must ensure that all CDIs are in a valid state.
  2. Enforcement Rules (E-Rules):
    • These rules enforce the model's principles during system operation. They ensure that users cannot bypass the integrity mechanisms.
    • E1: Only authorized users can execute TPs.
    • E2: Users must be authenticated and authorized to access and modify CDIs.
    • E3: TPs must log all actions performed, providing an audit trail.
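
A small reference monitor for the (user, TP, {CDI set}) triples and the enforcement rules above, given here as an added example that is not part of the original notes. It assumes a hypothetical two-account ledger, a `transfer` TP, an IVP that checks non-negative balances and conservation of funds, and constructed user and account names.

```python
# Added illustration of Clark-Wilson enforcement; every name here is hypothetical.
def transfer(cdis, src, dst, amount):
    """TP: move funds between two account CDIs."""
    cdis[src] -= amount
    cdis[dst] += amount

class System:
    def __init__(self, cdis, triples):
        self.cdis = dict(cdis)            # constrained data items: account -> balance
        self.total = sum(cdis.values())   # invariant fixed when the state is certified
        self.triples = set(triples)       # allowed (user, TP name, frozenset of CDIs)
        self.audit = []                   # audit trail of every TP attempt

    def ivp(self):
        """IVP: no negative balance and funds are conserved."""
        return min(self.cdis.values()) >= 0 and sum(self.cdis.values()) == self.total

    def run_tp(self, user, tp, cdi_names, *args):
        """Run a TP only for an allowed triple; undo it if the IVP then fails."""
        entry = (user, tp.__name__, tuple(cdi_names))
        if (user, tp.__name__, frozenset(cdi_names)) not in self.triples:
            self.audit.append(entry + ("DENIED",))
            raise PermissionError(f"no triple for {entry}")
        snapshot = dict(self.cdis)
        tp(self.cdis, *cdi_names, *args)
        if not self.ivp():
            self.cdis = snapshot          # restore the last valid state
            self.audit.append(entry + ("ROLLED_BACK",))
            raise ValueError("TP left CDIs in an invalid state")
        self.audit.append(entry + ("OK",))

def sod_conflicts(triples, conflicting_tps):
    """Separation of duties: users whose triples cover every TP in a conflicting set."""
    held = {}
    for user, tp_name, _ in triples:
        held.setdefault(user, set()).add(tp_name)
    return sorted(u for u, tps in held.items() if conflicting_tps <= tps)

def demo():
    """Constructed sample data: two accounts, one clerk, one user with too much authority."""
    accts = frozenset({"acct_a", "acct_b"})
    triples = {("clerk", "transfer", accts), ("mallory", "transfer", accts),
               ("mallory", "approve", accts)}   # "approve" appears only as a TP name
    s = System({"acct_a": 100, "acct_b": 50}, triples)
    s.run_tp("clerk", transfer, ["acct_a", "acct_b"], 30)     # allowed triple, valid result
    for user, amount in (("guest", 10), ("clerk", 500)):      # no triple; then an overdraft
        try:
            s.run_tp(user, transfer, ["acct_a", "acct_b"], amount)
        except (PermissionError, ValueError):
            pass                                              # outcome is in the audit trail
    return s.cdis, [e[-1] for e in s.audit], sod_conflicts(triples, {"transfer", "approve"})
```

Calling `demo()` leaves the accounts in the last valid state, records one successful, one denied and one rolled-back attempt in the audit trail, and reports the one user whose triples break separation of duties.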

Applications

  • Financial Systems: The Clark-Wilson model is well-suited for financial systems where the integrity of transactions is critical.
  • Database Management: It can be used to ensure that only authorized transactions modify the database, maintaining data integrity.
  • Enterprise Resource Planning (ERP): ERP systems can implement the model to enforce separation of duties and ensure the integrity of business processes.

Advantages

  • Practical Approach: The model is practical and applicable to real-world business processes, focusing on transactions and user roles.
  • Flexible: It can be adapted to various commercial and organizational environments.
  • Security through Control: Emphasizes control over data modifications, ensuring that only authorized changes are made.