Download presentation
Presentation is loading. Please wait.
Published byNathan Cannon Modified over 9 years ago
1
1 cs691 chow Hybrid Policies CS691 – Chapter 7 of Matt Bishop
2
2 cs691 chow Chinese Wall Model It describes policies that prevent conflict of interest. Examples in British Law, provide defense against criminal charges. Stock Exchange and Investment house. Prevent traders represents clients with conflict interest. Definition 7-1. The objects of the database are items of information related to a company. Definition 7-2. A company dataset (CD) contains objects related to a single company. Definition 7-3. A conflict of interest (COI) class contains the datasets of companies in competition. Let COI(O) represent the COI class that contains object 0, and let CD(O) be the company dataset that contains object 0. The model assumes that each object belongs to exactly one COI class. It describes policies that prevent conflict of interest. Examples in British Law, provide defense against criminal charges. Stock Exchange and Investment house. Prevent traders represents clients with conflict interest. Definition 7-1. The objects of the database are items of information related to a company. Definition 7-2. A company dataset (CD) contains objects related to a single company. Definition 7-3. A conflict of interest (COI) class contains the datasets of companies in competition. Let COI(O) represent the COI class that contains object 0, and let CD(O) be the company dataset that contains object 0. The model assumes that each object belongs to exactly one COI class.
3
3 cs691 chow CD and COI
4
4 cs691 chow CW-Simple Security Condition Consider temporal element. After accessing Bank of America, Anthony should not transfer to work on Cityband’s profolio. PR(S) is the set of objects that S has read. CW-Simple Security Condition, Preliminary Version: S can read 0 if and only if either of the following is true. 1. There is an object O' such that S has accessed O' and CD(O') = CD(O). 2. For all objects O’, O’ PR(S) COI(O') COI(O). Initially, PR(S) = 0, and the initial read request is assumed to be granted. Consider temporal element. After accessing Bank of America, Anthony should not transfer to work on Cityband’s profolio. PR(S) is the set of objects that S has read. CW-Simple Security Condition, Preliminary Version: S can read 0 if and only if either of the following is true. 1. There is an object O' such that S has accessed O' and CD(O') = CD(O). 2. For all objects O’, O’ PR(S) COI(O') COI(O). Initially, PR(S) = 0, and the initial read request is assumed to be granted.
5
5 cs691 chow Consider Sanitized Data In practice, companies have information they can release publicly, such as annual stockholders' reports and filings before government commissions. The Chinese Wall model should not consider this information restricted, because it is available to all. Hence, the model distinguishes between sanitized data and unsanitized data; the latter falls under the CW-simple security condition, preliminary version, whereas the former does not. The CW-simple security condition can be reformulated to include this notion. CW-Simple Security Condition: S can read 0 if and only if any of the following holds. 1. There is an object O' such that S has accessed O' and CD(O') = CD(O). 2. For all objects O', O' PR(S) COI(O') COI(O). 3. O is a sanitized object. In practice, companies have information they can release publicly, such as annual stockholders' reports and filings before government commissions. The Chinese Wall model should not consider this information restricted, because it is available to all. Hence, the model distinguishes between sanitized data and unsanitized data; the latter falls under the CW-simple security condition, preliminary version, whereas the former does not. The CW-simple security condition can be reformulated to include this notion. CW-Simple Security Condition: S can read 0 if and only if any of the following holds. 1. There is an object O' such that S has accessed O' and CD(O') = CD(O). 2. For all objects O', O' PR(S) COI(O') COI(O). 3. O is a sanitized object.
6
6 cs691 chow CW-*-Property Suppose Anthony and Susan work in the same trading house. Anthony can read objects in Bank of America's CD, and Susan can read objects in Citibank's CD. Both can read objects in ARCO's CD. If Anthony can also write to objects in ARCO's CD, then he can read information from objects in Bank of America's CD and write to objects in ARCO's CD, and then Susan can read that information; so, Susan can indirectly obtain information from Bank of America's CD, causing a conflict of interest. The CW-simple security condition must be augmented to prevent this. CW-*-Property: A subject S may write to an object 0 if and only if both of the following conditions hold. 1. The CW-simple security condition permits S to read O. 2. For all unsanitized objects O S can read 0' CD(O') = CD(O). In the example above, Anthony can read objects in both Bank of America's CD and ARCO's CD. Thus, condition 1 is met. However, assuming that Bank of America's CD contains unsanitized objects (a reasonable assumption), then because Anthony can read those objects, condition 2 is false. Hence, Anthony cannot write to objects in ARCO's CD. Suppose Anthony and Susan work in the same trading house. Anthony can read objects in Bank of America's CD, and Susan can read objects in Citibank's CD. Both can read objects in ARCO's CD. If Anthony can also write to objects in ARCO's CD, then he can read information from objects in Bank of America's CD and write to objects in ARCO's CD, and then Susan can read that information; so, Susan can indirectly obtain information from Bank of America's CD, causing a conflict of interest. The CW-simple security condition must be augmented to prevent this. CW-*-Property: A subject S may write to an object 0 if and only if both of the following conditions hold. 1. The CW-simple security condition permits S to read O. 2. For all unsanitized objects O S can read 0' CD(O') = CD(O). In the example above, Anthony can read objects in both Bank of America's CD and ARCO's CD. Thus, condition 1 is met. However, assuming that Bank of America's CD contains unsanitized objects (a reasonable assumption), then because Anthony can read those objects, condition 2 is false. Hence, Anthony cannot write to objects in ARCO's CD.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.