Effective CISSP Questions

An online store employs a relational database. The store owner is concerned about data integrity. Which of the following best enforces referential integrity? (Wentz QOTD)
A. Lipner Model
B. Elliptic Curve Digital Signature Algorithm (ECDSA)
C. Hash-based message authentication code (HMAC)
D. Clark-Wilson Model

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Clark-Wilson Model.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

Clark-Wilson Model

The Clark-Wilson model has two features: well-formed transactions and separation of duties. It relies on “programs” to enforce integrity instead of controlling information flow for confidentiality. It explains how transactions work in a relational database very well.

David D. Clark and David R. Wilson said in their paper, A Comparison of Commercial and Military Computer Security Policies:

This paper presents a policy for data integrity based on commercial data processing practices, and compares the mechanisms needed for this policy with the mechanisms needed to enforce the lattice model for information security. We argue that a lattice model
is not sufficient
 to characterize integrity policies, and that distinct mechanisms are needed to control disclosure and to provide integrity…

First, with these integrity controls, a data item is not necessarily associated with a particular security level, but rather with a set of programs permitted to manipulate it. Second, a user is not given authority to read or write certain data items, but to execute certain programs on certain data items…

The Clark-Wilson Model for Integrity (Image Credit: Ronald Paans)

Lipner’s Model

Lipner’s Model is a mixed model of BLP model and Biba model and enforces both confidentiality and integrity. It’s a lattice-based model that relies on the security level of subjects and objects and doesn’t address the specific issue of referential integrity of a relational database.

Bell-LaPadula Model
Bell-LaPadula Model
Biba Model
Biba Model


Elliptic Curve Digital Signature Algorithm (ECDSA) is used in the digital signature that enforces non-repudiation. Hash-based message authentication code (HMAC) enforces authenticity. Even though authenticity and non-repudiation are ingredients of integrity as defined in FISMA, they don’t specifically address referential integrity.

Integrity in FISMA
Integrity in FISMA


一家線上商店使用關聯式資料庫。 店主擔心數據完整性。 以下哪項最能實現參照完整性? (Wentz QOTD)
A. 利普納模型 (Lipner Model)
B. 橢圓曲線數字簽名算法 (ECDSA)
C. 基於散列的消息認證碼 (HMAC)
D. 克拉克-威爾遜模型 (Clark-Wilson Model)

Leave a Reply