the chinese wall
play

The Chinese Wall Conflict of Interests Access Control Model - PowerPoint PPT Presentation

Nov 08, 2022 •487 likes •611 views

Introduction Access Control Models Other models: Part II The Chinese Wall Model it combines elements of DAC and MAC RBAC Model it is a DAC model; however, it is Elisa Bertino sometimes considered a policy-neutral model

  1. Introduction Access Control Models Other models: Part II – The Chinese Wall Model – it combines elements of DAC and MAC – RBAC Model – it is a DAC model; however, it is Elisa Bertino sometimes considered a policy-neutral model CERIAS and CS &ECE Departments – T-RBAC – it is an example of access control model that Purdue University takes contextual information into account – The Information-Flow model – generalizes the ideas underlying MAC – The Biba Model – relevant for integrity Purdue University Purdue University Pag. 1 Pag. 2 Elisa Bertino Elisa Bertino Table of Contents The Chinese Wall • Conflict of Interests Access Control Model • Chinese Wall Policy – Information classification – Read Rule – Write Rule • Criticisms to this model (R. Sandu) Pag. 3 Purdue University Pag. 4 Purdue University Elisa Bertino Elisa Bertino

  2. Purdue University Purdue University Pag. 5 Pag. 6 Elisa Bertino Elisa Bertino Chinese Wall Policy Conflict of Interest • It is a well known concept Introduced by Brewer and Nash in 1989 Introduced by Brewer and Nash in 1989 • An example in the financial world is that of a market analyst working for a financial institution providing corporate business The motivation for this work was to avoid that The motivation for this work was to avoid that services sensitive information concerning a company be sensitive information concerning a company be • Such analyst must uphold the confidentiality of information disclosed to competitor companies through the disclosed to competitor companies through the provided to him by his firm’s client; this means he/she cannot work of financial consultants work of financial consultants advise corporations where he/she has insider knowledge of the plans, status and standing of a competitor • It dynamically establishes the access rights of a user • However the analyst is free to advice corporations which are not in competition with each other, and also to draw on general based on what the user has already accessed market information Pag. 7 Purdue University Pag. 8 Purdue University Elisa Bertino Elisa Bertino

  3. Data Classification Chinese Wall Policy Set of All Objects Set of All Objects • Subjects : Active entities accessing protected objects • Objects : Data organized according to 3 levels CoI 2 2 CoI 1 1 CoI CoI 3 3 CoI CoI » Information » DataSet » Conflict-of-Interest (CoI) classes Bank A Bank A Bank B Bank B Gas A Gas A Oil A Oil A Oil B Oil B • Access Rules » Read rule » Write rule Info Info Info Info Info Info Info Info Info Purdue University Purdue University Pag. 9 Pag. 10 Elisa Bertino Elisa Bertino Read Rule Read Rule = John = John Read Rule: A subject S can read an object O if : Set of All Objects Set of All Objects • O is in the same Dataset as an object already accessed by S OR • O belongs to a CoI from which S has not yet CoI 2 CoI 2 COI 1 COI 1 CoI 1 1 COI 3 COI 3 CoI 3 3 CoI CoI accessed any information X R X Consultant Consultant R R R Bank A Bank A Bank B Gas A Oil A Oil B Bank A Bank A Bank B Gas A Oil A Oil A Oil A Oil B Bank B Bank B Bank A Bank A R R R R R R Gas A Gas A Oil B Oil B Info Info Info Info Info Info Info Info Info Info Info Pag. 11 Purdue University Pag. 12 Purdue University Elisa Bertino Elisa Bertino

  4. Comparison with Bell-LaPadula Write Rule • The Read Rule does not prevent indirect flow • The Chinese Wall Policy is a combination of information of free choice and mandatory control • Consider the following case: • Initially a subject is free to access any – John has access to object it wishes • Oil A and Bank A • Once the initial choice is made, a Chinese – Jane has access to Wall is created for that user around the • Oil B and Bank A dataset to which the object belongs – If John is allowed to read Oil A and write into • Note also that a Chinese Wall can be Bank A, it may transfer information about Oil A combined with DAC policies that can then be read by Jane Purdue University Purdue University Pag. 13 Pag. 14 Elisa Bertino Elisa Bertino Write Rule Write Rule = John Set of all objects Set of all objects Set of all objects Set of all objects = John = Jane = Jane CoI 2 2 COI 2 COI 1 CoI COI 3 CoI 3 3 COI 1 COI 2 COI 3 COI 3 COI 1 CoI 1 CoI 1 COI 3 CoI COI 1 COI 1 COI 1 COI 3 COI 3 Bank A Bank A Bank A Bank A Gas A Gas A Oil A Oil A Oil A Bank B Bank B Bank B Gas A Gas A Oil A Oil A Oil A Oil A Bank B Oil A Info Info Info ABC ABC Info Info Info Info Info ABC ABC Info ABC ABC Info Info Info Info ABC ABC Info Pag. 15 Purdue University Pag. 16 Purdue University Elisa Bertino Elisa Bertino

  5. Write Rule Write Rule Write Rule: A subject S can write an object O if: Thus, according to the write rule: • S can read O according to the Read Rule AND • No object has been read by S which is in a different company dataset to the one on which write is The flow of information is confined to its own performed company dataset X W W X Consultant Consultant Bank B Bank B R R A A Oil B Oil B X X R R W W Consultant Consultant Bank A Bank A B B Purdue University Purdue University Pag. 17 Pag. 18 Elisa Bertino Elisa Bertino Criticisms to the Model (R. Sandhu) Sanitized Information The Write Rule of BN is very restrictive: • Brewer and Nash recognize the need for The Write Rule of BN is very restrictive: analysts to be able to compare information they • A user that has read objects from more than one dataset is have with that relating to other corporations not able to write any object • The user can only read and write objects from a single • Thus they recognize that access restriction can dataset be lifted for sanitized information • Sanitization takes the form of disguising a corporation’s information, so to prevent the discovery of that corporation identity Pag. 19 Purdue University Pag. 20 Purdue University Elisa Bertino Elisa Bertino

  6. References Rick Wayman What is the “Chinese Wall” and why is it in the • Role Based Access (RBAC) News” ResearchStorck.com, 2001. • D.Brewer and Dr. M. Nash Control Model The Chinese Wall Policy Proc. In IEEE Symposium on Research in Security and Privacy May 1989, Oakland, California Ravi S. Sandhu A lattice Interpretation of the Chinese Wall Policy • Proc. Of 15 th NIST-NCSC National Computer Security Conference Ottobre 1992, Baltimore USA • V. Atluri, S. Chun, P. Mazzoleni A Chinese Wall Security Model for Decentralized Workflow Systems Proc. of 8th ACM Conference on Computer and Communications Security (CCS-8), Novembre 2001 Philadelphia, USA Purdue University Purdue University Pag. 21 Pag. 22 Elisa Bertino Elisa Bertino RBAC: Motivations RBAC: Motivations • One challenging problem in managing large • End users often do not own the information for systems is the complexity of security which they are allowed access. The corporation administration or agency is the actual owner of data objects • Whenever the number of subjects and objects is • Control is often based on employee functions high, the number of authorizations can become rather than data ownership extremely large • RBAC has been proposed as an alternative • Moreover, if the user population is highly approach to DAC and MAC both to simplify the dynamic, the number of grant and revoke task of access control management and to operations to be performed can become very difficult to manage directly support function-based access control Pag. 23 Purdue University Pag. 24 Purdue University Elisa Bertino Elisa Bertino

  7. RBAC: Basic Concepts RBAC: Benefits • Because roles represent organizational • Roles represent functions within a given functions, an RBAC model can directly support organization and authorizations are granted to security policies of the organization roles instead of to single users • Granting and revoking of user authorizations is • Users are thus simply authorized to "play" the greatly simplified appropriate roles, thereby acquiring the roles’ • RBAC models have been shown to be policy- authorizations neutral Purdue University Purdue University Pag. 25 Pag. 26 Elisa Bertino Elisa Bertino RBAC NIST Model • DBMS vendors have recognized the importance and the advantages of RBAC, and today most of the • Three main levels of increasing functional commercial DBMSs support RBAC features at some capabilities extents – Core RBAC – also called Flat RBAC • There is some consensus on a standard RBAC model • The NIST model [Sandhu,Ferraiolo,Kuhn 00] has – Hierarchical RBAC been the first step towards the definition of a – Constrained RBAC standard • A recent definition is by ANSI. American national standard for information technology – role based access control. ANSI INCITS 359-2004, February 2004 Pag. 27 Purdue University Pag. 28 Purdue University Elisa Bertino Elisa Bertino

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

May 3: Trust and Hybrid Models Trust models Chinese Wall model Aggressive Chinese Wall

May 3: Trust and Hybrid Models Trust models Chinese Wall model Aggressive Chinese Wall

May 3: Trust and Hybrid Models Trust models Chinese Wall model Aggressive Chinese Wall model May 3, 2017 ECS 235B Spring Quarter 2017 Slide #1 Types of Trust Models Policy-based trust management Recommendation-based trust

714 views • 37 slides
Distributed Enforcement of Unlinkability Policies: Looking Beyond the Chinese Wall Apu Kapadia,

Distributed Enforcement of Unlinkability Policies: Looking Beyond the Chinese Wall Apu Kapadia,

Distributed Enforcement of Unlinkability Policies: Looking Beyond the Chinese Wall Apu Kapadia, Prasad Naldurg, Roy H. Campbell Dartmouth College (ISTS) Microsoft Research, India University of Illinois at Urbana-Champaign Policy 2007 Lack

369 views • 15 slides
Learning Chinese or becoming sinophone: incorporating learner identity in a model of

Learning Chinese or becoming sinophone: incorporating learner identity in a model of

Learning Chinese or becoming sinophone: incorporating learner identity in a model of cultural pedagogy for Chinese Edward McDonald University of New South Wales e.j.mcdonald@unsw.edu.au Cover choices (i): Great wall of Chinese

501 views • 30 slides
Wall Ball Wall Proposal Not Simply a wall, a way of

Wall Ball Wall Proposal Not Simply a wall, a way of

Wall Ball Wall Proposal Not Simply a wall, a way of crea8ng a new dimension of play and connec8on within our community Presented by Will

1.45k views • 19 slides
WELCOME CHINESE Your Access Channel to the Chinese Market Welcome Chinese mission statement

WELCOME CHINESE Your Access Channel to the Chinese Market Welcome Chinese mission statement

WELCOME CHINESE Your Access Channel to the Chinese Market Welcome Chinese mission statement Mission statement The Role of Welcome Chinese Welcome Chinese is the exclusive group which creates Guarantee better services to Chinese tourists

752 views • 33 slides
Asteroid Storyline 3 Earth Storyline 4 Forrest Storyline 5 Chinese Wall Storyline 6

Asteroid Storyline 3 Earth Storyline 4 Forrest Storyline 5 Chinese Wall Storyline 6

2 Asteroid Storyline 3 Earth Storyline 4 Forrest Storyline 5 Chinese Wall Storyline 6 Sphere Storyline 7 Doom Storyline Part 2 9 Goal: fast and addictive Game Description 10 Goal: fast and addictive Game Description 11

698 views • 30 slides
QTYUIOP APEX4-04-02 FW/BLANKET DESIGN NECESSARY AND DESIRABLE ATTRIBUTES Adequate tritium

QTYUIOP APEX4-04-02 FW/BLANKET DESIGN NECESSARY AND DESIRABLE ATTRIBUTES Adequate tritium

FLAT WALL HELICAL FIRST WALL AND INTEGRATED ONCE-THRU FW/BLANKET CONCEPTS by C.P.C. Wong, S. Malang, M. Sawan, M. Friend, * S. Majumdar, E. Mogahed, B. Merrill Variation to the ARIES-AT approach Flat wall helical first wall and

830 views • 16 slides
Bacteria Without a Cell Wall L-forms Pros & Cons of Cell Wall Cell membrane Cell wall DNA

Bacteria Without a Cell Wall L-forms Pros & Cons of Cell Wall Cell membrane Cell wall DNA

A New Chassis for Synthetic Biology: Bacteria Without a Cell Wall L-forms Pros & Cons of Cell Wall Cell membrane Cell wall DNA Cell membrane ribosomes RNA metabolites Bacterium with Bacterium cell wall without cell wall Previous

673 views • 35 slides
EUTR Chinese Plywood Project Chinese Plywood Project Presentation 15.04.15 Why Chinese plywood?

EUTR Chinese Plywood Project Chinese Plywood Project Presentation 15.04.15 Why Chinese plywood?

EUTR Chinese Plywood Project Chinese Plywood Project Presentation 15.04.15 Why Chinese plywood? High risk - Species (face) - Countries of origin Whistle blowing Composite material Source: http://www.duediligencetimber.eu/UK.htm

148 views • 13 slides
HAMPTON INN HOTEL RENOVATION CORRIDORS WALL VINYL WINDOW TEATMENTS WALL ART CARPET WALL ART

HAMPTON INN HOTEL RENOVATION CORRIDORS WALL VINYL WINDOW TEATMENTS WALL ART CARPET WALL ART

HAMPTON INN HOTEL RENOVATION CORRIDORS WALL VINYL WINDOW TEATMENTS WALL ART CARPET WALL ART WALL ART SCONCES GUEST ROOMS CARPET TILE SLEEPER SOFAS HEAD BOARD CASE GOODS CARPET OVERALL LOOK GUEST ROOMS Cushioned Pinned Bed Board

474 views • 10 slides
M D I D I Building Innovation presents MAGIX Wall The Fast Track Strong Partition Wall System

M D I D I Building Innovation presents MAGIX Wall The Fast Track Strong Partition Wall System

M D I D I Building Innovation presents MAGIX Wall The Fast Track Strong Partition Wall System Why MAGIX Wall? Traditionally, masonry wall has been widely used in construction world, although it has many concerns. For example it takes a long

347 views • 13 slides
PSP Training for Everyone Dan Wall Dan Wall TSP Symposium 2007 Problem More and more

PSP Training for Everyone Dan Wall Dan Wall TSP Symposium 2007 Problem More and more

PSP Training for Everyone Dan Wall Dan Wall TSP Symposium 2007 Problem More and more organizations are now adopting the TSP and attempting to use it in non software situations. The purpose of the PSP for Engineers course is to provide the

588 views • 14 slides
Build A Wall Perimeter wall 1 // Guardicore Spoiler Alert: Wall Will be Breached 2 //

Build A Wall Perimeter wall 1 // Guardicore Spoiler Alert: Wall Will be Breached 2 //

Security Common Practice: Build A Wall Perimeter wall 1 // Guardicore Spoiler Alert: Wall Will be Breached 2 // Guardicore The answer: Micro-segmentation Welcome To Zero Trust 3 // Guardicore Micro-segmentation : Walls don t work

531 views • 17 slides
investors Do You Want: To raise money from Chinese EB-5 investors? To partner with Chinese EB-5

investors Do You Want: To raise money from Chinese EB-5 investors? To partner with Chinese EB-5

Direct access to Chinese EB-5 investors Do You Want: To raise money from Chinese EB-5 investors? To partner with Chinese EB-5 immigration agencies? To prepare professional marketing materials? EB-5 Supermarket can assist you with all of

598 views • 23 slides
Welcome, Chinese and Chinese-American community of Lexington! Im Fiona, and Im excited to

Welcome, Chinese and Chinese-American community of Lexington! Im Fiona, and Im excited to

Welcome, Chinese and Chinese-American community of Lexington! Im Fiona, and Im excited to talk to you today about the new AoPS Academy opening up near you, as well as my own educational experiences as a Chinese-American woman who grew up

593 views • 13 slides
Security models part 2 Bj orn Victor Fall 2007 Doris Denning model Denning model Chinese

Security models part 2 Bj orn Victor Fall 2007 Doris Denning model Denning model Chinese

Security models part 2 Bj orn Victor Fall 2007 Doris Denning model Denning model Chinese Wall Clark-Wilson Principles BLP: covert channels possible -property too strong Improvement: analyse actual (and indirect) information flow.

676 views • 45 slides
Decision on Market Surveillance Committee Reappointment Yakout Mansour CAISO President and Chief

Decision on Market Surveillance Committee Reappointment Yakout Mansour CAISO President and Chief

California Independent System Operator Corporation Decision on Market Surveillance Committee Reappointment Yakout Mansour CAISO President and Chief Executive Officer CAISO Board of Governors Meeting January 24-25, 2007 California Independent

308 views • 3 slides
0 RESTRICTED | FirstCaribbean International Bank Presentation to the Annual General Meeting Rik

0 RESTRICTED | FirstCaribbean International Bank Presentation to the Annual General Meeting Rik

0 RESTRICTED | FirstCaribbean International Bank Presentation to the Annual General Meeting Rik Parkhill, Chief Executive Officer March 13, 2015 AGENDA Summary Financial Performance Strategic Priorities Community Conclusion 2

386 views • 22 slides
Peter Mabson , Chief Executive Officer TSX: XCT Sean Maybee , Chief Financial Officer Summer 2018

Peter Mabson , Chief Executive Officer TSX: XCT Sean Maybee , Chief Financial Officer Summer 2018

Investor Presentation Peter Mabson , Chief Executive Officer TSX: XCT Sean Maybee , Chief Financial Officer Summer 2018 This document does not provide full disclosure of all material facts relating to exactEarth. This presentation is not, nor part

379 views • 26 slides
Investor Presentation: 2018 Annual Meeting of Stockholders August 2018 Executive Summary About

Investor Presentation: 2018 Annual Meeting of Stockholders August 2018 Executive Summary About

Investor Presentation: 2018 Annual Meeting of Stockholders August 2018 Executive Summary About McDermott Premier, fully-integrated provider of technology, engineering and construction solutions to the energy industry Designs and builds

754 views • 11 slides
Exchange Program Queens University Fudan University (School of Policy Studies) Academic

Exchange Program Queens University Fudan University (School of Policy Studies) Academic

Exchange Program Queens University Fudan University (School of Policy Studies) Academic lead: Dr. Wenjue Knutsen Coordinator: Fiona Froats (knutsenw@queensu.ca) (mpa.coordinator@queensu.ca) Fudan University Fudan

278 views • 23 slides
Were gonna build a wall! A guide to managing conflicts and danger zones in shared

Were gonna build a wall! A guide to managing conflicts and danger zones in shared

Were gonna build a wall! A guide to managing conflicts and danger zones in shared working and alternative service delivery models James Doble Cherwell and South Northants Councils What are we talking about and why? Shared

334 views • 12 slides
Capability Building in Chinas Auto Supply Chain Loren Brandt Department of Economics

Capability Building in Chinas Auto Supply Chain Loren Brandt Department of Economics

Capability Building in Chinas Auto Supply Chain Loren Brandt Department of Economics University of Toronto Background Development of Chinas auto sector must be viewed in context of larger process of capability-building in Chinese

659 views • 38 slides
Green Energy Wave Massive post-COVID stimulus programmes are transforming the renewable energy

Green Energy Wave Massive post-COVID stimulus programmes are transforming the renewable energy

Riding the US$16 trillion Green Energy Wave Massive post-COVID stimulus programmes are transforming the renewable energy sector creating unprecedented demand for critical metals Source: Goldman Sachs -Business Insider Australia, 18 June 2020

1.21k views • 24 slides

More recommend