The Clark-Wilson Integrity Model (d. Clark, d. Wilson, A Comparison
of Commercial and Military Computer Security Policies, Proceedings of
the 1987 IEEE Computer Society Symposium on Research in Security and

Privacy, Los Alamitos, CA, IEEE Computer Society Press, 1987) focuses on
what two concepts?

A.
Capability lists and domains

B.
Least privilege and well-formed transactions

C.
Separation of duty and well-formed transactions

D.
Well-formed transactions and denial of service

Explanation:
The Clark-Wilson Model is a model focused on the needs of the commercial
world and is based on the theory that integrity is more important
than confidentiality for commercial organizations. Further, the model
incorporates the commercial concepts of separation of duty and wellformed
transactions. The well-formed transaction of the model is implemented
by the transformation procedure (TP.)ATP is defined in the model
as the mechanism for transforming the set of constrained data items (CDIs)
from one valid state of integrity to another valid state of integrity. The
Clark-Wilson Model defines rules for separation of duty that denote the
relations between a user, TPs, and the CDIs that can be operated upon by
those TPs. The model talks about the access triple that is the user, the program
that is permitted to operate on the data, and the data. The other answers are distracters.