Clark–Wilson model
With the help of the Clark -Wilson model allows the integrity of a computer system to describe and implement.
The security model describes the actions that are necessary to obtain a computer system in a state of integrity. These measures concerning imported to the data damage or data loss caused by errors or deliberate compromise. The model describes how data will remain valid within a data-related processing. Furthermore, it specifies rights of individual exporting identities, as well as rules to preserve and validity of system resources.
History
The model was described in 1987 by David D. Clark and David R. Wilson. In contrast to the coming from the military sector models such as Bell - LaPadula and Biba model, which meet the requirements for Trusted Computer System Evaluation Criteria, the Clark -Wilson model attempts to specify integrity for commercial security systems. It can be doing very well apply to business processes and other application software.
The Clark -Wilson model is distributed mainly in the financial sector. Each mainframe data processed today according to this model or a variation thereof.
Basics
The model describes using Einhaltungs ( enforcement ) rules and certification ( certification ) the information technology data and processes. These rules form the basis for ensuring the integrity of a system. The model is always based on a self-contained transaction.
- A valid transaction is a sequence of operations which take the system from one state to the next state. The transaction must always be atomic. This means that the state change occurs only when the transaction has no errors.
- In the Clark -Wilson model, the integrity is ensured by the transaction control.
- The principle of division of labor ( separation of duty ) requires that the certifier and the implementer of a transaction are different.
The following constructs are used:
- Constrained Data Item (CDI ): data on which the security model must be applied, that is, the need to always be in a valid state.
- Unconstrained Data Item (UDI ): Data (still) not subject to the security model, including data which need not be integer or user input.
- Integrity Verification Procedure ( IVP) ensures that all CDIs in a system must have a valid state.
- Transformational Procedures ( TPs ) accept a CDI or a UDI and transferred them to a new CDI. This is achieved through a certification.