What is the Clark-Wilson integrity model?

The Clark-Wilson model enforces integrity through well-formed transactions and separation of duties in commercial environments. It defines constrained data items that can only be modified by authorized transformation procedures, unconstrained data items that are user input, and integrity verification procedures that check data consistency. Users cannot directly access data but must go through approved programs. This models how real business systems work: a bank teller cannot directly edit account balances but must use the banking application.