Abstract
Information systems are exposed to the risk of being attacked physically or emotionally. Computer systems have security models for commercial purposes, but the information itself is not considered when a security model implementation is created. In this paper, we discuss the Clark Wilson model, which is one such security model implementation. The Clark Wilson model is used to protect commercial information from unauthorized use. Because of its exceptional data-level protection for the information, the Clark Wilson model is not widely accepted for all scenarios. An advanced Clark’s model has been developed for enhanced data protection. By using this integration level of the Clark Wilson model, software data is more securely protected.
Introduction
Human beings have recently entered the information age. With the rapid development of networks and computer technologies, hacking technologies have developed at the same time to grab information and misuse it, which makes the information insecure. To estimate the level of information security, security evaluation standards have been developed rapidly. These evaluation standards depend entirely on the security model. Information security plays a crucial role in society nowadays. The information held in the database of any organization needs to be protected or secured. (Bell, May 31, 1973)
Data security is concerned with assuring the confidentiality and integrity of the data that is stored. Confidentiality means protecting the data from being misused. The data must also be protected from people who may compromise it for their own benefit, either directly or indirectly. Integrity means protecting the data from being modified, where modification covers both deleting and editing. The integrity constraints of an organization are the rules that define the correctness of the data in that organization.
Many models have been developed to control security threats. Let us discuss some of them and look at how they relate to the Clark Wilson model.
Multi-level Information Security Model Review
This security model was invented primarily for military purposes: to make data secure enough that no other country can hack it, and to protect confidential information. Based on the sensitivity of the information, this model is divided into four categories, namely open level, deep level, intimate level, and top-secret level.
Secure Database Design Model
This is a conventional database design to support the operations and verify them. This secure database design model is a combination of security at logical, organizational, and physical levels. In logical requirements, we deal with all types of risks and threats.
Bell Lapadula Model
D. Elliott Bell and Leonard J. Lapadula developed this widely used computer security model in the year 1973. It was also developed for military purposes. This stimulates personal military data. This model is used widely in the military for access control. This model successfully stops information flowing from a higher intimate level to a low level.
BIBA Model
K. J. Biba developed the BIBA model in the year 1977. In the field of computer integrity, the Biba model was the first security model. This model deals with multi-level sensitive information, and it is a lattice-based control model. This model is also commonly used for military purposes to protect confidential data. The main aim of this model is to execute information flow to strengthen access control. (Biba, April 1977)
Clark Wilson Model
Clark and Wilson first proposed the Clark Wilson model in the year 1987 for commercial purposes. It is used for system applications where it is integrated between the OS and the application. This model was approved and operational in 1993. It was not the first security model for protecting confidential data, but it was much more advanced than the Biba model and the Bell Lapadula model. (Wilson)
The Clark Wilson model was the only model based on classification using the integrity level of subjects and objects. This model ensures that only certified transactions can edit data. In order to prove this, they brought a group of people who are attached to data and transactions separately. The data in the Clark Wilson model is divided into constrained and unconstrained data items. The constrained data items are the ones that need to be protected.
Applying Clark Wilson Model in DBMS
For authorized access and control, many organizations use the Clark Wilson model together with their database to protect confidential information. This model is based on SQL queries. This model deals with non-data transactions. Under this model too, data in the database can be accessed only when the correct permissions have been granted.
An unconstrained data item is connected to the transfer protocol. Users and the IVP are also connected to the transfer protocol. The security algorithm is then performed, and all the data is converted to constrained data items. The log files are also written in the transfer protocol.
The certification rules consist of authorization and the protocols used to perform the security model. The security officer is the one who performs the authorization of the data. All of these are stored in a user set, and the security model is performed on them. Authentication and authorization are performed on the data in the database.
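The flow described in this section, as an added example that is not part of the original paper: a Python/SQLite sketch in which account balances are the constrained data items (CDIs), the only write path is a `transfer` TP (the component the text calls the transfer protocol), and an IVP checks the invariant after every change. The table names, the user `alice`, and the fixed total of 150 are constructed for illustration.

```python
import sqlite3

# Constructed sample state: two accounts (the CDIs) and the certified triples.
db = sqlite3.connect(":memory:")
db.executescript("""
CREATE TABLE accounts(id TEXT PRIMARY KEY, balance INTEGER CHECK(balance >= 0));
CREATE TABLE triples(user TEXT, tp TEXT, cdi TEXT);  -- set by the security officer
CREATE TABLE log(user TEXT, tp TEXT, detail TEXT);   -- audit log written by the TP
INSERT INTO accounts VALUES ('A', 100), ('B', 50);
INSERT INTO triples VALUES ('alice','transfer','A'), ('alice','transfer','B');
""")

def ivp(expected_total=150):
    """Integrity verification procedure: confirm the CDIs are in a valid state."""
    total, low = db.execute("SELECT SUM(balance), MIN(balance) FROM accounts").fetchone()
    return total == expected_total and low >= 0

def authorized(user, tp, cdis):
    """Enforcement: every (user, TP, CDI) triple must have been certified."""
    q = "SELECT 1 FROM triples WHERE user=? AND tp=? AND cdi=?"
    return all(db.execute(q, (user, tp, c)).fetchone() for c in cdis)

def transfer(user, raw):
    """TP: take an unconstrained input 'SRC,DST,AMOUNT', validate it, then
    move the CDIs from one valid state to another or change nothing."""
    try:
        src, dst, amount = raw.split(",")
        amount = int(amount)
        if amount <= 0 or src == dst:
            raise ValueError
    except ValueError:
        return "rejected: malformed UDI"
    if not authorized(user, "transfer", (src, dst)):
        return "rejected: no certified triple"
    try:
        with db:  # one transaction: commit on success, roll back on error
            db.execute("UPDATE accounts SET balance=balance-? WHERE id=?", (amount, src))
            db.execute("UPDATE accounts SET balance=balance+? WHERE id=?", (amount, dst))
            if not ivp():
                raise sqlite3.IntegrityError("IVP failed")
            db.execute("INSERT INTO log VALUES (?,?,?)", (user, "transfer", raw))
    except sqlite3.IntegrityError:
        return "rejected: would leave CDIs invalid"
    return "ok"
```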
Characteristics of Clark Wilson Model
Compared to other models, the Clark Wilson model is less used in the military because it is complex to understand and to implement. However, this was the first model regarding data integrity. This model is restricted to three data constraints, namely preventing the modification of data, preventing the deletion of data, and preserving the consistency of data against unauthorized access. This model is mainly designed for business purposes and to protect the data.
Bibliography
- Bell, L. J. (May 31, 1973). Secure Computer Systems: A Mathematical Model.
- Biba, K. J. (April 1977). Integrity Considerations for Secure Computer.
- Wilson, D. D. (n.d.). Commercial and Military Computer Security Policies. semanticscholar.org.