LectureNote8-ChineseWall

Chinese Wall Model

Clark-Wilson Model | Chinese Wall Model | Role Based Access Control | Covert Channels

CS 556 - Computer Security - © 2009 Colorado State University – 18 / 92

Chinese Wall Policy

- Example of a commercial security policy for confidentiality
- Mixture of free choice (discretionary) and mandatory controls
- Requires some kind of dynamic labeling
- Brewer-Nash model (1989) for Chinese Wall policy
- Claim that the Chinese Wall policy cannot be represented correctly by a lattice-based model

Chinese Wall Policy

- Arises in the financial segment of the commercial sector, which provides consulting services to other companies
- Consultants have to deal with confidential company information for their clients
- Objective of the Chinese Wall policy is to prevent information flow that causes a conflict of interest for individual consultants

Chinese Wall Policy

[Figure: object hierarchy. All Objects are grouped into Conflict of Interest Classes (Banks, Oil Companies); each class contains Company Datasets (banks A and B, oil companies X and Y); each company dataset contains Individual Objects.]

A consultant can access information about at most one company in each conflict of interest class.

BN Simple Security – Read Access

Subject S can read object O only if

- Object O is in the same company dataset as some object O′ previously read by subject S (that is, O is within the wall), OR
- Object O belongs to a conflict of interest class within which subject S has not yet read any object (that is, O is in the open)

BN * Property – Write Access

Subject S can write object O only if

- Subject S can read object O by the simple security rule, AND
- No object O′ can be read which is in a different company dataset to the one for which write access is required

Reason for BN * Property

[Figure: Alice's wall contains Bank A and Oil Company X; Bob's wall contains Bank B and Oil Company X.]

Cooperating Trojan horses can transfer Bank A information to Bank B objects, and vice versa, using Oil Company X objects as intermediaries.

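The two Brewer-Nash rules above, written as a small reference monitor and run against the walls from this slide. This is an added example, not part of the original lecture notes: the class, object names and sample data are hypothetical, and "can be read" in the * property is interpreted here as "has already been read by the subject" (an assumption).

```python
from collections import defaultdict

# Constructed sample data: object -> (conflict-of-interest class, company dataset)
OBJECTS = {
    "bankA.ledger": ("banks", "Bank A"),
    "bankB.ledger": ("banks", "Bank B"),
    "oilX.report": ("oil", "Oil Company X"),
}

class ChineseWall:
    """Hypothetical reference monitor; tracks each subject's read history."""
    def __init__(self, objects):
        self.objects = objects
        self.history = defaultdict(dict)  # subject -> {COI class: dataset read}

    def can_read(self, subject, obj):
        coi, dataset = self.objects[obj]
        seen = self.history[subject].get(coi)
        # In the open (class untouched) or within the wall (same dataset).
        return seen is None or seen == dataset

    def read(self, subject, obj):
        if not self.can_read(subject, obj):
            return False
        coi, dataset = self.objects[obj]
        self.history[subject][coi] = dataset  # dynamic labeling: wall grows
        return True

    def can_write(self, subject, obj):
        dataset = self.objects[obj][1]
        # * property: readable by the simple rule AND nothing already read
        # lies in a different company dataset.
        return self.can_read(subject, obj) and all(
            d == dataset for d in self.history[subject].values())

def trojan_horse_scenario():
    """Alice holds Bank A + Oil X, Bob holds Bank B + Oil X (the slide's walls)."""
    cw = ChineseWall(OBJECTS)
    return {
        "alice_reads_bankA": cw.read("alice", "bankA.ledger"),
        "alice_reads_oilX": cw.read("alice", "oilX.report"),
        "alice_reads_bankB": cw.read("alice", "bankB.ledger"),
        "alice_writes_oilX": cw.can_write("alice", "oilX.report"),
        "bob_reads_bankB": cw.read("bob", "bankB.ledger"),
        "bob_reads_oilX": cw.read("bob", "oilX.report"),
        "bob_writes_bankB": cw.can_write("bob", "bankB.ledger"),
        "carol_writes_oilX": cw.can_write("carol", "oilX.report"),
    }
```

Alice's write to the Oil Company X object is denied because her history already includes Bank A, which closes the relay path to Bob; a subject who has touched only Oil Company X can still write there.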
Implication of BN * Property