PrepAway - Latest Free Exam Questions & Answers

Which of the following is a common association of the Clark-Wilson access model?

Which of the following is a common association of the Clark-Wilson access model?

PrepAway - Latest Free Exam Questions & Answers

A.
Chinese Wall

B.
Access tuple

C.
Read up and write down rule

D.
Subject and application binding

Explanation:
D: In the Clark-Wilson model, a subject cannot access an object without going through some type of application or program that controls how this access can take
place. The subject (usually a user) is bound to the application and then is allowed access to the necessary objects based on the access rules within the application
software. For example, when Kathy needs to update information held within her company’s database, she will not be allowed to do so without a piece of software
controlling these activities. First, Kathy must authenticate to the software, which is acting as a front end for the database, and then the program will control what Kathy
can and cannot do to the information in the database. This is referred to as access triple: subject (user), program, and object. This is triple, not tuple. Tuple is a row
within a database.
A is incorrect because the Chinese Wall model is another name for the Brewer and Nash model, which was created to provide access controls that can change
dynamically, depending upon a user’s previous actions, in an effort to protect against conflicts of interest by users’ access attempts. No information can flow between
subjects and objects in a way that would result in a conflict of interest. The model states that a subject can write to an object if, and only if, the subject cannot read
another object that is in a different dataset.
B is incorrect because the Clark-Wilson model uses access triple, not access tuple. The access triple is subject-program-object. It ensures that subjects can only
access objects through authorized programs.
C is incorrect because the Clark-Wilson model does not have read up and write down rules. These rules are associated with the Bell-LaPadula and Biba models. The
Bell-LaPadula model includes the simple security rule, which is no read up, and the star property rule, which is no write down. The Biba model includes the simple
integrity axiom, which is no read down, and the star-integrity axiom, which is no write up.

One Comment on “Which of the following is a common association of the Clark-Wilson access model?

  1. joe says:

    In the Clark-Wilson model, a subject cannot access an object without going through some type of application or program that controls how this access can take
    place

    Chinese Wall model is another name for the Brewer and Nash model

    Clark-Wilson model uses access triple, not access tuple

    Bell-LaPadula model includes the simple security rule, which is no read up, and the star property rule

    Biba model includes the simple integrity axiom, which is no read down, and the star-integrity axiom, which is no write up.




    0



    0

Leave a Reply