# CISSP PRACTICE QUESTIONS – 20210401

According to Dorothy E. Denning, “the lattice properties permit concise formulations of the security requirements of different existing systems and facilitate the construction of mechanisms that enforce security.” Which of the following is not a lattice-based access control model? (Wentz QOTD)
A. Biba model
B. Clark-Wilson model
C. Brewer and Nash model

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Clark-Wilson model.

“A lattice is an abstract structure studied in the mathematical subdisciplines of order theory and abstract algebra. It consists of a partially ordered set in which every two elements have a unique supremum (also called a least upper bound or join) and a unique infimum (also called a greatest lower bound or meet).” (Wikipedia)

Lattice in security is commonly used to control information flow between security levels/categories or compartments. Classification and labeling are two primary characteristics of lattice-based access control.

## Lattice-based Access Control

Ravi S. Sandhu reviewed three lattice-based access control models (Bell-LaPadula, Biba, and Chinese Wall) in this paper, Lattice-Based Access Control Models, which showed how the Chinese Wall policy could be enforced in a lattice framework and said:

Lattice-based access control models were developed to deal with information flow in computer systems. Information flow is clearly central to confidentiality. As we will see it also applies to integrity to some extent. Its relationship to availability is tenuous at best. Thus, these models are primarily concerned with confidentiality and can deal with some aspects of integrity.

## Brewer and Nash model

The Brewer and Nash model classifies datasets into conflict-of-interest classes and labels them to apply access control dynamically based on the subject’s access history (aka history-based).

## Clark-Wilson Model

The Clark-Wilson model has two features: well-formed transactions and separation of duties. It relies on “programs” to enforce integrity instead of controlling information flow for confidentiality.

David D. Clark and David R. Wilson said in their paper, A Comparison of Commercial and Military computer Security Policies:

This paper presents a policy for data integrity based on commercial data processing practices, and compares the mechanisms needed for this policy with the mechanisms needed to enforce the lattice model for information security. We argue that a lattice model
is not sufficient
to characterize integrity policies, and that distinct mechanisms are needed to control disclosure and to provide integrity…

First, with these integrity controls, a data item is not necessarily associated with a particular security level, but rather with a set of programs permitted to manipulate it. Second, a user is not given authority to read or write certain data items, but to execute certain programs on certain data items…

# A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

A. Biba model
B. Clark-Wilson model
C. Brewer and Nash model