It's mentioned in the Security Architecture and Engineering series that the distinguishing differences between Biba and Clark Wilson are as follows:
2. Biba - INTEGRITY !!! (only). Like Bell LaPadula, requires that all subjects & objects have a classification label. Designed to address three integrity issues:
Prevent modifications of objects by unauthorized subjects Prevent unauthorized modifications of objects by authorized subjects Protect internal and external object consistency
Improves on Biba by focusing on integrity at the transaction level and addressing three major goals of integrity in a commercial environment:
1. Preventing unauthorized users from making modifications to data or programs. 2. Preventing authorized users from making improper or unauthorized modifications. 3. Maintaining internal and external consistency of data and programs.
Those seem the same to me. Can you help clarify the differences?