CISSP – Information Systems Security Management Professional (ISSMP) — Question 15
Which of the following security models dictates that subjects can only access objects through applications?
Answer options
- A. Biba-Clark model
- B. Bell-LaPadula
- C. Clark-Wilson
- D. Biba model
Correct answer: C
Explanation
The Clark-Wilson model is designed to enforce data integrity through well-formed transactions and separation of duties, which requires access to objects to occur only through applications. The Biba and Bell-LaPadula models focus on maintaining confidentiality and integrity but do not specifically mandate access via applications.