top of page


"blogger, InfoSec specialist, super hero ... and all round good guy" 



Clark-Wilson Security Model

The Clark-Wilson security model is based on preserving information integrity against the malicious attempt of tampering with data. The security model maintains that only authorized users should make and be allowed to change the data, unauthorized users should not make any changes, and the system should maintain internal and external data consistency.

The Clark-Wilson model requires a well-formed transaction. A well-formed transition is that operations and data feed and processing are consistent within the system. According to Sonya Blake on paper, she wrote for the University of Pennsylvania posted on softpanorama, "The principle of a well-formed transaction is defined as a transaction where the user is unable to manipulate data arbitrarily, but only in constrained (limitations or boundaries) ways that preserve or ensure the integrity of the data. A security system in which transactions are well-formed ensures that only legitimate actions can be executed. Ensures the internal data is accurate and consistent to what it represents in the real world" (Blake).

Concepts of separation of duties are also a big part of the Clark-Wilson model. The implementer, auditor, and certifier have to be different people in effective implementation of the model (Blake).

According to an article posted on softpanorama, Sonya Blake:

"Wilson and Clark were among the many who had observed by 1987 that academic work on models for access control emphasized data's confidentiality rather than its integrity (i.e., the work exhibited greater concern for unauthorized observation than for unauthorized modification). Accordingly, they attempted to redress what they saw as a military view that differed markedly from a commercial one.

However, what they considered a military view was not pervasive in the military.

" You can imagine there are times when data integrity may be paramount and considered even much more critical than data confidentiality. This could be in many military situations where attack orders using technological, atomic, and biological warfare must be absolutely 100% ensured they had not tampered" (Crimson Tide anyone)?

In a perfect world, we would have data confidentiality, integrity, and availability. Unfortunately, we do not live in an ideal world, and sometimes sacrifices need to make sense. When designing security models to protect the information, the Clark-Wilson model is the standard choice when data integrity's priority outweighs data confidentiality.


Cyber Defense. (n.d.). : Clark-Wilson Model. Retrieved July 20, 2014, from

Blake, S. (2000, May 17). The Clark-Wilson Model. The Clark-Wilson Model. Retrieved July 20, 2014, from


bottom of page