07-05-2013, 12:48 PM
Hybrid Polices
Hybrid Polices.ppt (Size: 304 KB / Downloads: 17)
Chinese Wall Model
Problem:
Tony advises Citibank about investments
He is asked to advise Bank of America about investments
Conflict of interest to accept, because his advice for either bank would affect his advice to the other bank
The Chinese Wall model is a model of a security policy that refers equally to confidentiality and integrity.
It describes policies that involve a conflict of interest in business, and is as important to those situations as the Bell-LaPadula Model is to the military.
For example, British law requires the use of a policy similar to this, and correct implementation of portions of the model provides a defense in cases involving certain criminal charges .
The environment of a stock exchange or investment house is the most natural environment for this model.
In this context, the goal of the model is to prevent a conflict of interest in which a trader represents two clients, and the best interests of the clients conflict, so the trader could help one gain at the expense of the other.
Informal Description
Consider the database of an investment house. It consists of companies' records about investment and other data that investors are likely to request. Analysts use these records to guide the companies' investments, as well as those of individuals. Suppose Anthony counsels Bank of America in its investments. If he also counsels Citibank, he has a potential conflict of interest, because the two banks' investments may come into conflict. Hence, Anthony cannot counsel both banks
Organization
Organize entities into “conflict of interest” classes
Control subject accesses to each class
Control writing to all classes to ensure information is not passed along in violation of rules
Allow sanitized data to be viewed by everyone
Definitions
Objects: items of information related to a company
Company dataset (CD): contains objects related to a single company
Written CD(o)
Conflict of interest class (COI): contains datasets of companies in competition
Written COI(o)
Assume: each object belongs to exactly one COI class
Compare to Bell-LaPadula
Temporal aspect is fundamental to model but this is not an explicit part of Bell-LaPadula
Bell-LaPadula can capture state at any time
Each (COI, CD) pair gets security category
Two clearances, S (sanitized) and U (unsanitized)
S dom U
Subjects assigned clearance for compartments without multiple categories corresponding to CDs in same COI class
Compare to Clark-Wilson
Clark-Wilson Model covers integrity, so consider only access control aspects
If “subjects” and “processes” are interchangeable, a single person could use multiple processes to violate CW-simple security condition
Would still comply with Clark-Wilson Model
If “subject” is a specific person and includes all processes the subject executes, then consistent with Clark-Wilson Model
Confinement
Confinement Principle: Information from one medical record may be appended to a different medical record if and only if the access control list of the second record is a subset of the access control list of the first.
This keeps information from leaking to unauthorized users. All users have to be on the access control list.
Enforcement
Principle: Any computer system that handles medical records must have a subsystem that enforces the preceding principles. The effectiveness of this enforcement must be subject to evaluation by independent auditors.
This policy has to be enforced, and the enforcement mechanisms must be auditable (and audited)
Compare to Bell-LaPadula
Confinement Principle imposes lattice structure on entities in model
Similar to Bell-LaPadula
CISS focuses on objects being accessed; B-LP on the subjects accessing the objects
May matter when looking for insiders in the medical environment