A perspective on integrity mechanisms

Abstract

Accepting the common viewpoint that integrity is concerned with information modification rather than information disclosure or information availability, the author considers two views on what nondiscretionary controls are needed for information integrity: (1) Clark and Wilson's view that some separate mechanisms are required for enforcement of integrity policies, disjoint from those of the Orange Book (TCSEC), and (2) Gasser's view that techniques to protect against information modifications are almost always the same as (or a subset of) techniques to protect against information disclosure. The author agrees with the Clark-Wilson view, in which integrity requires nondiscretionary access-control mechanisms other than label-based mandatory controls. He lists his objections to Gasser's view.<>