07 - Chapter 7: Hybrid Policies Overview Chinese Wall Model...

June 1, 2004 Computer Security: Art and Science ©2002-2004 Matt Bishop

Slide #7-1: Chapter 7: Hybrid Policies
- Overview
- Chinese Wall Model
- Clinical Information Systems Security Policy
- ORCON
- RBAC

Slide #7-2: Overview
- Chinese Wall Model: focuses on conflict of interest
- CISS Policy: combines integrity and confidentiality
- ORCON: combines mandatory and discretionary access controls
- RBAC: bases controls on job function
Slide #7-3: Chinese Wall Model
- Problem: Tony advises American Bank about investments
- He is asked to advise Toyland Bank about investments
- Conflict of interest to accept, because his advice for either bank would affect his advice to the other bank

Slide #7-4: Organization
- Organize entities into "conflict of interest" classes
- Control subject accesses to each class
- Control writing to all classes to ensure information is not passed along in violation of rules
- Allow sanitized data to be viewed by everyone
Slide #7-5: Definitions
- Objects: items of information related to a company
- Company dataset (CD): contains objects related to a single company; written CD(o)
- Conflict of interest class (COI): contains datasets of companies in competition; written COI(o)
- Assume: each object belongs to exactly one COI class

Slide #7-6: Example
- Bank COI Class: Bank of America, Citibank, Bank of the West
- Gasoline Company COI Class: Shell Oil, Union '76, Standard Oil, ARCO
Slide #7-7: Temporal Element
- If Anthony reads any CD in a COI, he can never read another CD in that COI
- Possible that information learned earlier may allow him to make decisions later
- Let PR(S) be the set of objects that S has already read

Slide #7-8: CW-Simple Security Condition
- s can read o iff either condition holds:
  1. There is an $o'$ such that s has accessed $o'$ and $CD(o') = CD(o)$
     Meaning s has read something in o's dataset
  2. For all $o' \in O$, $o' \in PR(s) \Rightarrow COI(o') \neq COI(o)$
     Meaning s has not read any objects in o's conflict of interest class
- Ignores sanitized data (see below)
- Initially, $PR(s) = \emptyset$, so the initial read request is granted
Slide #7-9: Sanitization
- Public information may belong to a CD
- As it is publicly available, no conflicts of interest arise
- So, should not affect ability of analysts to read
- Typically, all sensitive data removed from such
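The CW-simple security condition of slide 7-8, together with the temporal element of slide 7-7 (PR(s) only grows) and the sanitization rule of slide 7-9, as an added worked example; this is not code from the slides or from Bishop's text. It replays a sequence of read requests against the two COI classes of slide 7-6. The company objects, the analyst "Tony" and the "Citibank public" sanitized report are constructed here, and treating sanitized objects as readable by everyone without recording them in PR(s) is an assumption drawn from slide 7-9.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Obj:
    """An object o: an item of information about one company."""
    name: str
    cd: str                   # CD(o): the company dataset it belongs to
    coi: str                  # COI(o): conflict-of-interest class of that dataset
    sanitized: bool = False   # public, sanitized data (slide 7-9)


class ChineseWall:
    """Keeps PR(s) per subject and enforces the CW-simple security condition."""

    def __init__(self) -> None:
        self.pr: Dict[str, Set[Obj]] = {}   # PR(s): objects s has already read

    def can_read(self, s: str, o: Obj) -> bool:
        # Assumption: sanitized objects never create a conflict (slide 7-9).
        if o.sanitized:
            return True
        pr = self.pr.get(s, set())           # initially PR(s) is empty, so reads succeed
        # Condition 1: some o' in PR(s) with CD(o') = CD(o)
        if any(p.cd == o.cd for p in pr):
            return True
        # Condition 2: for all o' in PR(s), COI(o') != COI(o)
        return all(p.coi != o.coi for p in pr)

    def read(self, s: str, o: Obj) -> bool:
        """Grant or deny the read; on grant, record o in PR(s) (temporal element)."""
        if not self.can_read(s, o):
            return False
        if not o.sanitized:                  # assumption: sanitized reads are not tracked
            self.pr.setdefault(s, set()).add(o)
        return True


def example_objects() -> Dict[str, Obj]:
    """Constructed objects: one report per company from the slide 7-6 COI classes."""
    banks = ["Bank of America", "Citibank", "Bank of the West"]
    gas = ["Shell Oil", "Union '76", "Standard Oil", "ARCO"]
    objs = {n: Obj(n + " report", n, "Bank COI") for n in banks}
    objs.update({n: Obj(n + " report", n, "Gasoline COI") for n in gas})
    # Constructed sanitized object: public data belonging to Citibank's CD.
    objs["Citibank public"] = Obj("Citibank annual report", "Citibank",
                                  "Bank COI", sanitized=True)
    return objs


def run_example() -> List[Tuple[str, bool]]:
    """Replay Tony's read requests in order and return (object, granted) pairs."""
    objs = example_objects()
    wall = ChineseWall()
    requests = ["Bank of America",   # granted: PR(Tony) is empty
                "Citibank",          # denied: same COI class as Bank of America
                "Bank of America",   # granted: same CD as something already read
                "Shell Oil",         # granted: different COI class
                "ARCO",              # denied: Shell Oil already read in Gasoline COI
                "Citibank public"]   # granted: sanitized data is visible to everyone
    return [(n, wall.read("Tony", objs[n])) for n in requests]


if __name__ == "__main__":
    for name, granted in run_example():
        print(f"{name:18s} -> {'granted' if granted else 'DENIED'}")
```

Note that the denial of "ARCO" is what the temporal element buys: the decision depends on the history in PR(s), not on the object alone, so a read monitor must keep that history for as long as the conflict matters (in the slides' phrasing, forever).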


This note was uploaded on 05/04/2008 for the course CS 526 taught by Professor Wagstaff during the Fall '07 term at Purdue University-West Lafayette.
