Systems Security Certified Practitioner – SSCP – Question0184

Which access control model achieves data integrity through well-formed transactions and separation of duties?

A.
Clark-Wilson model
B. Biba model
C. Non-interference model
D. Sutherland model

Correct Answer: A

Explanation:

The Clark-Wilson model differs from other models that are subject-and object-oriented by introducing a third access element programs resulting in what is called an access triple, which prevents unauthorized users from modifying data or programs. The Biba model uses objects and subjects and addresses integrity based on a hierarchical lattice of integrity levels. The noninterference model is related to the information flow model with restrictions on the information flow. The Sutherland model approaches integrity by focusing on the problem of inference. Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 2: Access Control Systems and Methodology (page 12). And: KRAUSE, Micki & TIPTON, Harold F., Handbook of Information Security Management, CRC Press, 1997, Domain 1: Access Control.