1 / 18

Chinese wall model in the internet Environment

Chinese wall model in the internet Environment. Agenda. Introduction Chinese wall Model Policy Simple security rule Chinese wall in www . Authentication . Authorization. introduction. The goals most often specified in a security policy are :

bracha
Download Presentation

Chinese wall model in the internet Environment

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Chinese wall model in the internet Environment

  2. Agenda • Introduction • Chinese wall Model Policy • Simple security rule • Chinese wall in www . • Authentication . • Authorization .

  3. introduction • The goals most often specified in a security policy are : • confidentiality - prevention of unauthorized access and theft of information. • integrity - prevention of unauthorized modification of information. • availability - prevention of denial of service.

  4. introduction • Chinese Wall security describe how to reach these goals. • It’s a commercial security policy . • The Chinese Wall security policy focuses more on confidentiality . • The Chinese Wall security policy is perhaps as significant to some parts of the commercial world as Bell and LaPadula’s policies are to the military .

  5. introduction • It can be distinguished from Bell-LaPadula policies by the way that a user’s permitted accesses are constrained by the history of his previous accesses . • The Chinese Wall security policy was identified by Brewer and Nash. It is a real commercial policy which can be formally modelled. Its basic idea is to keep company information confidential and prevent it from unauthorized access of consulting services.

  6. Chinese wall Model Policy • All corporate information is stored in hierarchically arranged filling system. It consist of three levels : • At the lowest level , individual items of information (objects) is considered, each concerning a single corporation . • At the intermediate level , all objects which concern the same corporation are grouped into a company dataset . • At the highest level , all company datasets whose corporations are in competition are grouped together. Each group is referred as a conflict of interest class .

  7. Chinese wall Model Policy • Associated with each object is the name of the company dataset to which it belongs and the name of the conflict of interest class to which that company dataset belongs .

  8. Chinese wall Model Policy • If the system maintained information on Bank-A , Oil Company-A and Oil Company-B : • All objects would belong to one of three company dataset ( “bank-A”“oil company-A” or “oil company-B” ) , • There would be two conflict of interest classes , one for banks ( containing Bank-A’s dataset ) and one for petroleum companies ( containing Oil company-A’s and Oil company-B’s dataset .

  9. Chinese wall Model Policy • The basis of the Chinese Wall policy is that people are only allowed access to information which is not held to conflict with any other information that they already possess .

  10. Chinese wall Model Policy • Thus , in consideration of the Bank-A , Oil Company-A and Oil Company-B datasets , a new user may freely choose to access whatever datasets he likes ; as far as the computer is concerned a new user does not possess any information and therefore no conflict can exist .

  11. Chinese wall Model Policy • Suppose the user accesses the Oil Company-A dataset first . The user now possess information concerning the oil company-A dataset . • Later , he requests access to the Bank-A dataset • This is quite permissible since the Bank-A and Oil company-A datasets belong to different conflict of interest classes and therefore no conflict exists .

  12. Chinese wallModel Policy • However, if he requests access to the oil company-B dataset the request must be denied since a conflict does exist between the requested dataset ( Oil Company-B) and one already possessed (Oil Company-A) .

  13. Chinese wall Model Policy • It does not matter whether the oil company-A dataset was accessed before or after the Bank-A dataset . • However, were Oil Company-B to be accessed before the request to access the Oil Company-A dataset , the restrictions would be quite different . • In this case access to the Oil Company-A dataset would be denied and the user would possess { “Oil Company-B“ , “Bank-A” } ( as opposed to the request to access the oil Company-B dataset being denied and the user possessing { “Oil Company-A” , “Bank-A” } ) .

  14. Chinese Wall Model In www • To realize the Chinese Wall security policy we need user labels that contain information about the user’s identity and objects already accessed by him. We require mechanisms that reliably provide authentication and authorization by user profiles that support an interface to software run in the world wide web.

More Related