Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chinese wall model in the internet Environment

Published byLucinda Barnett Modified over 5 years ago

Similar presentations

Presentation on theme: "Chinese wall model in the internet Environment"— Presentation transcript:

1 Chinese wall model in the internet Environment
Arab Academy for Banking and Financial sciences PhD program Information System Security Chinese wall model in the internet Environment Prepared to : Dr.Lo’ai Tawalbeh Presented by : Marwan Al_Abed Abu_Zanona 4/5/2019 Selected Topics In IIS

2 Agenda Introduction Chinese wall Model Policy Simple security rule
Chinese wall in www . Authentication . Authorization . 4/5/2019 Selected Topics In IIS

3 introduction The goals most often specified in a security policy are :
confidentiality - prevention of unauthorized access and theft of information. integrity - prevention of unauthorized modification of information. availability - prevention of denial of service. 4/5/2019 Selected Topics In IIS

4 introduction Chinese Wall security describe how to reach these goals.
It’s a commercial security policy . The Chinese Wall security policy focuses more on confidentiality . The Chinese Wall security policy is perhaps as significant to some parts of the commercial world as Bell and LaPadula’s policies are to the military . 4/5/2019 Selected Topics In IIS

5 introduction It can be distinguished from Bell-LaPadula policies by the way that a user’s permitted accesses are constrained by the history of his previous accesses . The Chinese Wall security policy was identified by Brewer and Nash. It is a real commercial policy which can be formally modelled. Its basic idea is to keep company information confidential and prevent it from unauthorized access of consulting services. 4/5/2019 Selected Topics In IIS

6 Chinese wall Model Policy
All corporate information is stored in hierarchically arranged filling system. It consist of three levels : At the lowest level , individual items of information (objects) is considered, each concerning a single corporation . At the intermediate level , all objects which concern the same corporation are grouped into a company dataset . At the highest level , all company datasets whose corporations are in competition are grouped together. Each group is referred as a conflict of interest class . 4/5/2019 Selected Topics In IIS

7 4/5/2019 Selected Topics In IIS

8 Chinese wall Model Policy
Associated with each object is the name of the company dataset to which it belongs and the name of the conflict of interest class to which that company dataset belongs . 4/5/2019 Selected Topics In IIS

9 Chinese wall Model Policy
If the system maintained information on Bank-A , Oil Company-A and Oil Company-B : All objects would belong to one of three company dataset ( “bank-A” “oil company-A” or “oil company-B” ) , There would be two conflict of interest classes , one for banks ( containing Bank-A’s dataset ) and one for petroleum companies ( containing Oil company-A’s and Oil company-B’s dataset . 4/5/2019 Selected Topics In IIS

10 4/5/2019 Selected Topics In IIS

11 Chinese wall Model Policy
The basis of the Chinese Wall policy is that people are only allowed access to information which is not held to conflict with any other information that they already possess . 4/5/2019 Selected Topics In IIS

12 Chinese wall Model Policy
Thus , in consideration of the Bank-A , Oil Company-A and Oil Company-B datasets , a new user may freely choose to access whatever datasets he likes ; as far as the computer is concerned a new user does not possess any information and therefore no conflict can exist . 4/5/2019 Selected Topics In IIS

13 Chinese wall Model Policy
Suppose the user accesses the Oil Company-A dataset first . The user now possess information concerning the oil company-A dataset . Later , he requests access to the Bank-A dataset This is quite permissible since the Bank-A and Oil company-A datasets belong to different conflict of interest classes and therefore no conflict exists . 4/5/2019 Selected Topics In IIS

14 4/5/2019 Selected Topics In IIS

15 Chinese wall Model Policy
However, if he requests access to the oil company-B dataset the request must be denied since a conflict does exist between the requested dataset ( Oil Company-B) and one already possessed (Oil Company-A) . 4/5/2019 Selected Topics In IIS

16 4/5/2019 Selected Topics In IIS

17 Chinese wall Model Policy
It does not matter whether the oil company-A dataset was accessed before or after the Bank-A dataset . However, were Oil Company-B to be accessed before the request to access the Oil Company-A dataset , the restrictions would be quite different . In this case access to the Oil Company-A dataset would be denied and the user would possess { “Oil Company-B“ , “Bank-A” } ( as opposed to the request to access the oil Company-B dataset being denied and the user possessing { “Oil Company-A” , “Bank-A” } ) . 4/5/2019 Selected Topics In IIS

18 Chinese Wall Model In www
To realize the Chinese Wall security policy we need user labels that contain information about the user’s identity and objects already accessed by him. We require mechanisms that reliably provide authentication and authorization by user profiles that support an interface to software run in the world wide web. 4/5/2019 Selected Topics In IIS

19 Authentication in the world wide web
The Basic Authentication : is included in the HTTP protocol. It is based on the model that the user agent must authenticate himself with a user-ID and a password when requesting a protected document . The server responds the request with a challenge for the authorization information of the user agent.. Now user identification and password information in the entity header are passed over the Internet in clear text as a BASE64 encoded string and the server send the requested document in response. the Basic Authentication scheme is not a secure method of user authentication, or does it prevent the entity body from being transmitted in clear text across the physical network used as the carrier . Basic Authentication is based on the assumption that the connection between the client and the server can be regarded as a trusted carrier. As this is generally not true on an open network . 4/5/2019 Selected Topics In IIS

20 Basic Authentication 4/5/2019 Selected Topics In IIS

21 Authentication in the world wide web
The Digest Access Authentication: is an extension to the HTTP protocol. It is developed to make up the Basic Authentication deficits. The server answers the client request with an unauthorized header and the user is provided with a dialog box to type in the user’s username and password. The Digest Authentication calculates a checksum of all relevant connection data along with a server generated and sends it back to the server. The server takes the unique connection data and also creates a checksum. If the two checksums match up the server allows access to the requested document. This way, authorization is completed without sending a password across the Internet. 4/5/2019 Selected Topics In IIS

22 Digest Access Authentication
Digest Authentication does not provide the encapsulation of the message content . 4/5/2019 Selected Topics In IIS

23 Authentication and Data Protection with SSL
The SSL protocol includes services for server/client authentication. encryption of data in transit, meaning privacy and data integrity. Privacy is achieved by using symmetric cryptography. Data integrity is ensured by Message Authentication Check (MAC) and for authentication the Public Key Infrastructure is used. 4/5/2019 Selected Topics In IIS

24 Authentication and Data Protection with SSL
4/5/2019 Selected Topics In IIS

25 Authentication and Data Protection with SSL
SSL protocol takes messages to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, and transmits the result. Received data is decrypted, verified, decompressed, and reassembled, then delivered to higher level clients. The SSL session is established by a handshake sequence between client and server . The handshake sequence consists of messages that enable negotiation of cryptographic parameters, generation of shared secrets (session keys) between client and server at the beginning of their communication 4/5/2019 Selected Topics In IIS

26 Authentication and Data Protection with SSL
4/5/2019 Selected Topics In IIS

27 Authorization in the world wide web
To realize the Chinese Wall security policy within the WWW we need a flexible authorization mechanism. It must provide a dynamic change of the user access rights, which is an essential element of the Chinese Wall security policy. Once a user accessed a company dataset in an untouched conflict of interest class the profile must deny access rights to all other companies in this COI class. 4/5/2019 Selected Topics In IIS

28 Authorization in the world wide web
4/5/2019 Selected Topics In IIS

29 Authorization Mechanisms
Authorization by user profiles Authorization by certificates The Open Profiling Standard 4/5/2019 Selected Topics In IIS

Download ppt "Chinese wall model in the internet Environment"

Similar presentations

Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
Chinese wall model in the internet Environment

Chinese wall model in the internet Environment
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Chapter 8 Web Security.

Chapter 8 Web Security.
Secure Sockets Layer 1 / 99  SSL is perhaps the widest used security protocol on the Internet today.  Together with DC enables secure communication.

Secure Sockets Layer 1 / 99  SSL is perhaps the widest used security protocol on the Internet today.  Together with DC enables secure communication.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Session 11: Security with ASP.NET

Session 11: Security with ASP.NET
Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.

Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.

SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.

Similar presentations

Ads by Google