When designing the security architecture of an application, the requirement was to use a model which uses an access control triple and also requires separation of duty? Suggest a security model which fulfills this requirement and why?
SHOWPIN 122 in 1 Precision Computer Screwdriver Kit, Laptop Screwdriver Sets with 101 Magnetic Drill Bits, Electronics Tool Kit Compatible for Tablet, PC, iPhone, PS4 Repair
30% Off
Compressed Air Duster, 3 Gear to 51000RPM Cordless Electric Air Duster, 6000mAh Rechargeable Air Blower with LED Light for Laptop Computer Keyboard Cleaning Pet Hair Crumb Replaces Compressed Air Can
$29.98 (as of 02/07/2024 15:55 GMT -04:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
ASUS Vivobook 15.6” FHD Laptop, AMD Ryzen 3 3250U, 8GB RAM, 128GB SSD, Windows 11 Home in S Mode, Transparent Silver, M515DA-WS33
Baseus USB C to HDMI Adapter, 4K@60Hz USB C Docking Station, 7 in 1 USB C Hub with 3 USB-A, PD 100W, TF/SD Card Reader, USB C Dock Compatible for iPhone 15/Mac/Dell/Acer/HP/ASUS/Steam Deck/Rog Ally
50% OffIt is the Clark-Wilson model.
The Clark-Wilson model enforces the three goals of integrity by using access triple (subject, software [TP], and object), separation of duties, and auditing.
The Clark-Wilson model uses the following elements:
- Users Active agents
- Transformation procedures (TPs) Programmed abstract operations, such as read, write, and modify
- Constrained data items (CDIs) Can be manipulated only by TPs
- Unconstrained data items (UDIs) Can be manipulated by users via primitive read and write operations
- Integrity verification procedures (IVPs) Check the consistency of CDIs with external reality
This model enforces integrity by using well-formed transactions (through access triple) and separation of duties. When an application uses the Clark-Wilson model, it separates data into one subset that needs to be highly protected, which is referred to as a constrained data item (CDI), and another subset that does not require a high level of protection, which is called an unconstrained data item (UDI). Users cannot modify critical data (CDI) directly. Instead, the subject (user) must be authenticated to a piece of software, and the software procedures (TPs) will carry out the operations on behalf of the user.
For example, when John needs to update information held within her company’s database, he will not be allowed to do so without a piece of software controlling these activities. First, John must authenticate to a program, which is acting as a front-end for the database, and then the program will control what John can and cannot do to the information in the database.
This is referred to as access triple: subject (user), program (TP), and object (CDI). A user cannot modify CDI without using a TP.
Regarding the Separation of duty (SoD), the Clark-Wilson security model uses division of operations into different parts and requires different users to perform each part. This principle is referred as Separation of Duties (SoD). The Clark-Wilson model outlines how to incorporate separation of duties into the architecture of an application.
In a real world scenario, if a bank teller needs to withdraw $100,000, the bank’s application may require a supervisor to log in and authenticate the transaction. This is a countermeasure against potential fraudulent activities. The model provides the rules that the system designers and developers must follow to properly implement and enforce separation of duties through software procedures.
Laptop USB C Docking Station Dual Monitor 14 in 1 Triple Display USB C Hub for MacBook/Dell/HP/Lenovo Dual HDMI 4K, DP 8K, PD Charger, Gigabit Ethernet, 6 USB Ports, SD/TF Card Reader, Mic/Audio
$69.99 (as of 02/07/2024 16:04 GMT -04:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
PC Gaming Headset Headphone Hook Holder Hanger Mount, Headphones Stand with Adjustable & Rotating Arm Clamp, Under Desk Design, Universal Fit, Built in Cable Clip Organizer EURPMASK
$12.99 (as of 02/07/2024 16:14 GMT -04:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Laptop Cleaning Kit Keyboard Cleaner, Keyboard Cleaning Kit Electronics Cleaning Tool for MacBook iPad Phone iPhone Pro, Brush Tool for Tablet, Computer, PC, TV Camera Lens Computer Vacuum Keyboard
$16.98 (as of 02/07/2024 16:14 GMT -04:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
