100 likes | 221 Views
Computer Security Hybrid Policies. Chinese Wall model. The security policies address both confidentiality and integrity. Primitives: A database of objects , which contain information relating to a company Company Datasets (CDs) containing objects relating to a single company.
E N D
Chinese Wall model The security policies address both confidentiality and integrity. Primitives: • A database of objects, which contain information relating to a company • Company Datasets (CDs) containing objects relating to a single company. • Conflict Of Interest (COI) classes that contain the CDs of companies in competition.
Example Bank COI Class Gas Company COI Class Bank of America a Shell s Standard Oil e Citibank b Bank the West c Union ‘76 u ARCO n
CW-simple security condition Let PR(s) be the set of objects that subject s has read. CW-simple security condition, prelim version: s can read o iff either of the following holds. • There is an object o’ such that s has accessed o’ and CD(o’) = CD(o) • For all o’ PR(s): COI(o’) COI(o)
CW-simple security condition Sanitized vs unsanitized objects CW-simple security condition: s can read o iff either of the following holds. • There is an object o’ such that s has accessed o’ and CD(o’) = CD(o) • o’ PR(s) COI(o’) COI(o) • o is sanitized
CW-*property Sanitized vs unsanitized objects CW-*property: s can write to object o iff both of the following hold. • The CW-ss condition permits s to read o • For all unsanitized o’: s can read o’ CD(o’) = CD(o).
BLP & Chinese Wall BLP & CW are fundamentally different: • subjects in CW do not have security labels. • BLP has no notion of “past accesses”.
BLP & Chinese Wall To emulate CW in BLP we assign a security category to each (COI,CD) pair. We define two security levels: • S for sanitized and U for unsanitized, and • Define the domination: U dom S. So for example: (U,{b,s}) dom (U, b).
Role-Based Access Control The ability or need to access information may depend on one’s job functions, i.e., the role one has. • A role r is a collection of functions. The set of authorized transactions of r is denoted by trans(r). • The active role of a subject s, actr(s), is the role that s is currently performing. • The authorized roles of s, authr(s), is the set of roles that s is authorized to assume. • The predicate canexe(s,t), is true iff s can execute t at the current time.
RBAC Three rules define the ability of a subject to execute a transaction. Let S be the set of subjects and T the set of transactions. • Rule of role assignment: s S, t T : canexec(s,t) actr(s) (if s can execute a transaction t then it has an active role) • Rule of role authorization: s S : actr(s) authr(s) (if s is active then its role is authorized) • Rule of transaction authorization: s S, t T : canexec(s,t) t trans(actr(s)) (if s can execute t then t is an authorized transaction of s)