LectureNote8-ChineseWall


CS 556 - Computer Security - © 2009 Colorado State University

Outline: Clark-Wilson Model, Chinese Wall Model, Role Based Access Control, Covert Channels

Chinese Wall Model (slide 18 / 92)

Chinese Wall Policy (slide 19 / 92)

● Example of a commercial security policy for confidentiality
● Mixture of free choice (discretionary) and mandatory controls
● Requires some kind of dynamic labeling
● Brewer-Nash model (1989) for Chinese Wall policy
  ✦ Claim that the Chinese Wall policy cannot be represented correctly by a lattice-based model

Chinese Wall Policy (slide 20 / 92)

● Arises in the financial segment of the commercial sector, which provides consulting services to other companies
● Consultants have to deal with confidential company information for their clients
● Objective of the Chinese Wall policy is to prevent information flows that cause a conflict of interest for individual consultants

Chinese Wall Policy (slide 21 / 92)

[Figure: All Objects are divided into Conflict of Interest Classes (Banks, Oil Companies), each class into Company Datasets (A, B and X, Y), and each dataset into Individual Objects]

A consultant can access information about at most one company in each conflict of interest class

BN Simple Security – Read Access (slide 22 / 92)

● Subject S can read object O only if
  ✦ Object O is in the same company dataset as some object O′ previously read by subject S (that is, O is within the wall), OR
  ✦ Object O belongs to a conflict of interest class within which subject S has not yet read any object (that is, O is in the open)

BN * Property – Write Access (slide 23 / 92)

● Subject S can write object O only if
  ✦ Subject S can read object O by the simple security rule, AND
  ✦ No object O′ can be read which is in a different company dataset to the one for which write access is required

Reason for BN * Property (slide 24 / 92)

[Figure: Alice's Wall contains Bank A and Oil Company X; Bob's Wall contains Bank B and Oil Company X]

Cooperating Trojan horses can transfer Bank A information to Bank B objects, and vice versa, using Oil Company X objects as intermediaries

Implication of BN * Property...
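The BN simple security rule and the BN * property from the slides above, run on the Alice and Bob scenario as an added Python example (it is not part of the lecture notes). The class, the object names and the subject carol are constructed for illustration, and the code assumes that "can be read" in the * property means "is already in the subject's read history".

```python
from collections import defaultdict

class ChineseWall:
    def __init__(self, objects):
        self.objects = objects  # name -> (company dataset, COI class)
        self.history = defaultdict(set)  # subject -> objects already read

    def can_read(self, subject, obj):  # BN simple security rule
        dataset, coi = self.objects[obj]
        seen = [self.objects[o] for o in self.history[subject]]
        within_wall = any(d == dataset for d, _ in seen)
        in_the_open = all(c != coi for _, c in seen)
        return within_wall or in_the_open

    def read(self, subject, obj):
        allowed = self.can_read(subject, obj)
        if allowed:
            self.history[subject].add(obj)  # dynamic labeling: the wall grows
        return allowed

    def can_write(self, subject, obj):  # BN * property
        # Assumption: "can be read" means "is in the subject's read history".
        dataset = self.objects[obj][0]
        same_dataset = all(self.objects[o][0] == dataset for o in self.history[subject])
        return self.can_read(subject, obj) and same_dataset

OBJECTS = {  # constructed sample objects matching the Banks / Oil Companies figure
    "bankA_ledger": ("Bank A", "Banks"),
    "bankB_ledger": ("Bank B", "Banks"),
    "oilX_report": ("Oil Company X", "Oil Companies"),
    "oilY_report": ("Oil Company Y", "Oil Companies"),
}

def trojan_horse_scenario():
    wall = ChineseWall(OBJECTS)
    return {
        "alice_reads_bankA": wall.read("alice", "bankA_ledger"),
        "alice_reads_bankB": wall.read("alice", "bankB_ledger"),  # same COI class
        "alice_reads_oilX": wall.read("alice", "oilX_report"),
        "bob_reads_bankB": wall.read("bob", "bankB_ledger"),
        "bob_reads_oilX": wall.read("bob", "oilX_report"),
        "alice_writes_oilX": wall.can_write("alice", "oilX_report"),
        "bob_writes_oilX": wall.can_write("bob", "oilX_report"),
        "carol_reads_bankA": wall.read("carol", "bankA_ledger"),
        "carol_writes_bankA": wall.can_write("carol", "bankA_ledger"),
    }

if __name__ == "__main__":
    print(trojan_horse_scenario())
```

Both writes to the Oil Company X object are denied, so it cannot serve as the intermediary between Alice's wall and Bob's wall; carol, who has read from only one dataset, can still write to it.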

This note was uploaded on 05/29/2010 for the course CS 556 taught by Professor Staff during the Spring '08 term at Colorado State.
