Edit WYSIWYGattachfile Attach PDF Raw View►More Actions▼More Actions


Restore topic to revision: You will be able to review the topic before saving it to a new revision

Copy text and form data to a new topic (no attachments will be copied though).
Name of copy:
You will be able to review the copied topic before saving

Rename/move topic... scans links in all public webs (recommended)
Rename/move topic... scans links in CBI_ComputerSecurity web only
Delete topic... scans links in all public webs (recommended)
Delete topic... scans links in CBI_ComputerSecurity web only

Revision Date Username Comment
1317 Nov 2014 - 10:46ThomasMisa 
1203 Oct 2013 - 15:25norqu036? 
1128 Aug 2013 - 13:19norqu036? 
1003 Jun 2013 - 09:16NicLewis 
931 May 2013 - 14:49NicLewis 
831 May 2013 - 11:40NicLewis 
731 May 2013 - 09:35NicLewis 
620 May 2013 - 10:16NicLewis 
527 Mar 2013 - 09:41NicLewis 
425 Mar 2013 - 11:29NicLewis 
earlier first

Render style:     Context:


 History: r13 < r12 < r11 < r10 < r9
[X] Hide this message.
Notice: On June 30, 2016, UMWiki service will be decommissioned. If you have information in UMWIki that needs to be preserved, you should make plans to move it before that date. Google Sites is anticipated to be the most popular and appropriate alternative for users because it offers a more modern and user-friendly interface and unlimited capacity. To learn more about the features of Google Sites and other alternatives, and to identify which one best fits your needs, see the University’s Website Solution Selection Guide. If you have concerns or would like help regarding this change and your options, please contact Technology Help at help@umn.edu
You are here: UMWiki>CBI_ComputerSecurity Web>Publications>PubClarkWilson (revision 13)

Current Activitieslock Who is Who?lock People Programs Publications CSHW_2014 Systems Events Mechanisms

Clark-Wilson Model

 

In 1987, David D. Clark and David R. Wilson argued that most models of computer security up to that point had focused on data confidentiality, particularly on the development of mechanisms for labeling classified information, and preventing its dissemination to unauthorized viewers. This focus was primarily due to the security demands of the Department of Defense, which emphasized data confidentiality over data integrity. For example, the Trusted Computer System Evaluation Criteria (TCSEC), otherwise known as the "Orange Book," established the DoD assessment requirements for computer security controls. The Orange Book, first released in 1983, and updated in 1985, organized computer security assessment requirements using a scale that ranked computer systems from the least to the greatest amount of data classification policy enforcement.

Clark and Wilson argued that this policy emphasis overlooked the requirements of computer security in commercial applications, where the unauthorized alteration of data, both malicious and accidental, was of greater concern than confidentiality enforcement. Clark and Wilson stipulated that, while models such as Bell-LaPadula, and evaluation criteria such as the Orange Book, catered well to military requirements, little formal modeling existed for commercial security interests.(1)

The Biba model, first published in 1975, was the first formal recognition of data integrity in computer security. This model formed an inverse of Bell-LaPadula, stating that a program could not read data of a lower classification, and subsequently write up to data of a higher classification, in order to safe-guard the integrity of the higher classification data. Clark and Wilson contended that the Biba model required a security officer to intervene to convert a constrained data item (CDI), one that could not be altered, into an unconstrained data item (UDI), one that could be altered. The authors argued that this policy was unrealistic in a commercial environment, where data entry was the most common system function. Instead, the Clark-Wilson model authorized the method for converting a CDI into a UDI, called the trusted process (TP). That way, a security officer could designate which utilities had authorization to alter data, rather than authorizing each change request individually.(2)

This authorization of programs, as well as subjects and objects, distinguished Clark-Wilson from preceding security models, and helped to generate interest in new approaches toward data integrity. Using programs as intermediaries for access and integrity control between subjects and objects also prevented, or reduced, direct user access to data.(3)(4) The Clark-Wilson model was not a specific security policy, as was the case with Bell-LaPadula, but served as a guideline for formalizing security policies. For example, the Biba model was extended to fit within the Clark-Wilson framework. However, in this extension of the Biba model, Theodore Lee argued that the DoD TCSEC certification did provide data integrity security, when implemented properly. David Bell also argued that confidentiality and integrity were not completely separate concepts in security, stating that confidentiality models, such as that implemented in the Multics interpretation of Bell-LaPadula, resulted in data integrity control.(5)(6)(7)(8)

Notes

1 : lock David D. Clark, and David R. Wilson, "A Comparison of Commercial and Military Computer Security Policies," 184-185, in Proceedings of the 1987 IEEE Symposium on Research in Security and Privacy, Oakland, CA: IEEE Press, May 1987, 184–193. (Login required)

2 : lock David D. Clark, and David R. Wilson, "A Comparison of Commercial and Military Computer Security Policies," 191, in Proceedings of the 1987 IEEE Symposium on Research in Security and Privacy, Oakland, CA: IEEE Press, May 1987, 184–193. (Login required)

3 , 8 : Jeffrey R. Yost, "An Interview with David Elliott Bell, OH 411," Charles Babbage Institute, 2012, 40-42.

4 : Jeffrey R. Yost, "A History of Computer Security Standards," 629, in Karl de Leeuw and Jan Bergstra, eds., The History of Information Security: A Comprehensive Handbook, (Oxford, UK: Elsevier, 2007), 595-621.

5 : Jeffrey R. Yost, "A History of Computer Security Standards," 630, in Karl de Leeuw and Jan Bergstra, eds., The History of Information Security: A Comprehensive Handbook, (Oxford, UK: Elsevier, 2007), 595-621.

6 : lock Theodore Lee, "Using Mandatory Integrity to Enforce "Commercial" Security," Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy, IEEE Computer Society, Washington, DC (1991), 140-146. (Login required)

7 : lock Paul A. Karger, "Implementing Commercial Data Integrity with Secure Capabilities," Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy, IEEE Computer Society, Washington, DC (1991), 130-139. (Login required)


Topic revision: r13 - 17 Nov 2014 - 10:46:29 - ThomasMisa
 
Signed in as lewi0740 (NicLewis) | Sign out
UMWiki UMWiki
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding UMWiki? Send feedback