The Clark-Wilson Integrity Model (d. Clark, d. Wilson, A Comparison of Commercial and Military
Computer Security Policies, Proceedings of the 1987 IEEE Computer Society Symposium on Research
in Security and Privacy, Los Alamitos, CA, IEEE Computer Society Press, 1987) focuses on what two
concepts?

A.
Capability lists and domains

B.
Least privilege and well-formed transactions

C.
Separation of duty and well-formed transactions

D.
Well-formed transactions and denial of service

Explanation:
The Clark-Wilson Model is a model focused on the needs of the commercial world and is based on
the theory that integrity is more important than confidentiality for commercial organizations.
Further, the model incorporates the commercial concepts of separation of duty and wellformed

transactions. The well-formed transaction of the model is implemented by the transformation
procedure (TP.)ATP is defined in the model as the mechanism for transforming the set of
constrained data items (CDIs) from one valid state of integrity to another valid state of integrity. The
Clark-Wilson Model defines rules for separation of duty that denote the relations between a user,
TPs, and the CDIs that can be operated upon by those TPs. The model talks about the access triple
that is the user, the program that is permitted to operate on the data, and the data. The other
answers are distracters.