When designing the security architecture of an application, the requirement is to use a model that uses an access control triple and also requires separation of duty. Suggest a security model that fulfills this requirement, and explain why.
It is the Clark-Wilson model.
The Clark-Wilson model enforces the three goals of integrity by using the access triple (subject, software [TP], and object), separation of duties, and auditing.
The Clark-Wilson model uses the following elements:
- Users: active agents
- Transformation procedures (TPs): programmed abstract operations, such as read, write, and modify
- Constrained data items (CDIs): can be manipulated only by TPs
- Unconstrained data items (UDIs): can be manipulated by users via primitive read and write operations
- Integrity verification procedures (IVPs): check the consistency of CDIs with external reality
This model enforces integrity by using well-formed transactions (through the access triple) and separation of duties. When an application uses the Clark-Wilson model, it separates data into one subset that needs to be highly protected, referred to as constrained data items (CDIs), and another subset that does not require a high level of protection, called unconstrained data items (UDIs). Users cannot modify critical data (CDIs) directly. Instead, the subject (user) must authenticate to a piece of software, and that software's procedures (TPs) carry out the operations on behalf of the user.
For example, when John needs to update information held within his company's database, he will not be allowed to do so without a piece of software controlling these activities. First, John must authenticate to a program that acts as a front end for the database, and then the program controls what John can and cannot do to the information in the database.
This is referred to as the access triple: subject (user), program (TP), and object (CDI). A user cannot modify a CDI without using a TP.
Regarding separation of duties (SoD), the Clark-Wilson model divides an operation into different parts and requires different users to perform each part. The model outlines how to incorporate separation of duties into the architecture of an application.
In a real-world scenario, if a bank teller needs to withdraw $100,000, the bank's application may require a supervisor to log in and authenticate the transaction. This is a countermeasure against potential fraudulent activities. The model provides the rules that system designers and developers must follow to properly implement and enforce separation of duties through software procedures.
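The access triple and the teller/supervisor separation of duties described above, as an added illustration in Python (not code from the original page). It assumes a toy reference monitor in which account balances are the CDIs, "withdraw" and "approve" are the TPs, the $10,000 threshold for requiring a second user is a constructed value, and the IVP simply checks that the balances sum to an externally known ledger total.

```python
SOD_THRESHOLD = 10_000  # constructed: withdrawals at or above this need a second, different user


class ClarkWilsonMonitor:
    """Toy Clark-Wilson reference monitor: users reach CDIs only through certified TPs."""

    def __init__(self, cdis):
        self.cdis = dict(cdis)   # constrained data items: account name -> balance
        self.triples = set()     # certified access triples (user, TP, CDI)
        self.pending = {}        # large withdrawals awaiting approval: ref -> (user, cdi, amount)
        self.audit = []          # audit log: (user, tp, cdi, outcome)

    def certify(self, user, tp, cdi):
        """Administrator certifies that `user` may run `tp` on `cdi`."""
        self.triples.add((user, tp, cdi))

    def _check(self, user, tp, cdi):
        """Enforce the access triple and record every attempt, allowed or denied."""
        ok = (user, tp, cdi) in self.triples
        self.audit.append((user, tp, cdi, "allowed" if ok else "denied"))
        if not ok:
            raise PermissionError(f"{user} is not certified to run {tp} on {cdi}")

    def _apply(self, cdi, amount):
        """The only code path that mutates a CDI; callable solely from TPs."""
        if self.cdis[cdi] < amount:
            raise ValueError("insufficient funds")
        self.cdis[cdi] -= amount

    def withdraw(self, user, cdi, amount):
        """TP: small withdrawals complete; large ones are parked for a second user."""
        self._check(user, "withdraw", cdi)
        if amount >= SOD_THRESHOLD:
            ref = len(self.pending) + 1
            self.pending[ref] = (user, cdi, amount)
            return ("pending", ref)
        self._apply(cdi, amount)
        return ("done", None)

    def approve(self, supervisor, ref):
        """TP: a certified approver who is NOT the initiator releases a pending withdrawal."""
        initiator, cdi, amount = self.pending[ref]
        self._check(supervisor, "approve", cdi)
        if supervisor == initiator:
            self.audit.append((supervisor, "approve", cdi, "denied-sod"))
            raise PermissionError("separation of duty: initiator cannot approve own withdrawal")
        del self.pending[ref]
        self._apply(cdi, amount)
        return ("done", ref)

    def ivp(self, ledger_total):
        """IVP: confirm the CDIs still agree with the externally held ledger total."""
        return sum(self.cdis.values()) == ledger_total
```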