"blogger, InfoSec specialist, super hero ... and all round good guy" 



Clark-Wilson Security Model

The Clark-Wilson security model is based on preserving information integrity against the malicious attempt of tampering data. The security model maintains that only authorized users should make and be allowed to change the data, unauthorized users should not be able to make any changes, and the system should maintain internal and external data consistency.

The Clark-Wilson model requires well-formed transaction. A well-formed transition is that operations and data feeds and processing are consistent within the system. According to Sonya Blake on paper she wrote for the University of Pennsylvania posted on softpanorama, “The principle of well-formed transaction is defined as a transaction where the user is unable manipulate data arbitrarily, but only in constrained (limitations or boundaries) ways that preserve or ensure the integrity of the data. A security system in which transactions are well-formed ensures that only legitimate actions can be executed. Ensures the internal data is accurate and consistent to what it represents in the real world” (Blake).

Concepts of separation of duties are also a big part of the Clark-Wilson model. The implementer, auditor, and certifier have to be different people in an effective implementation of the model (Blake).

According to an article posted on softpanorama, Sonya Blake:

Wilson and Clark were among the many who had observed by 1987 that academic work on models for access control emphasized data’s confidentiality rather than its integrity (i.e., the work exhibited greater concern for unauthorized observation than for unauthorized modification). Accordingly, they attempted to redress what they saw as a military view that differed markedly from a commercial one. In fact, however, what they considered a military view was not pervasive in the military.”

You can imagine there are times when data integrity may be paramount and considered even much more important than data confidentiality. This could be in many military situations where attack orders using technological, atomic, and biological warfare must be absolutely 100% ensured they have not been tampered (Crimson Tide anyone?).

In a perfect world we would have data confidentiality, integrity, and availability.

Unfortunately we do not live in a perfect world, and sometimes sacrifices need to make sense. When designing security models to protect information, the Clark-Wilson model is standard choice when the priority of data integrity outweighs data confidentiality.


Cyber Defense. (n.d.). : Clark-Wilson Model. Retrieved July 20, 2014, from

Blake, S. (2000, May 17). The Clark-Wilson Model. The Clark-Wilson Model. Retrieved July 20, 2014, from and is a blog dedicated to Cyber Counter Intelligence and Cybersecurity technologies. The posts will be a discussion of concepts and technologies that make up emerging threats and techniques related to Cyber Defense. Sometimes we get a little off-topic. Articles are gathered or written by cyber security professionals, leading OEMs, and enthusiasts from all over the world to bring an in-depth, real-world, look at Cyber Security. About this blog and and any affiliate website does not represent or endorse the accuracy or reliability of any information’s, content or advertisements contained on, distributed through, or linked, downloaded or accessed from any of the services contained on this website, nor the quality of any products, information’s or any other material displayed, purchased, or obtained by you as a result of an advertisement or any other information’s or offer in or in connection with the services herein. Everything on this blog is based on personal opinion and should be interoperated as such. Contact Info If you would like to contact this blog, you may do so by emailing ALAKHANI(AT)YMAIL(DOT)COM  



 Keeping you informed | Latest News 

© 2018 Dr. Chaos