23-04-2014, 04:26 PM
Hybrid Policies
Overview
Chinese Wall Model: focuses on conflict of interest
CISS Policy: combines integrity and confidentiality
ORCON: combines mandatory, discretionary access controls
RBAC: base controls on job function
Organization
Organize entities into “conflict of interest” classes
Control subject accesses to each class
Control writing to all classes to ensure information is not passed along in violation of rules
Allow sanitized data to be viewed by everyone
Definitions
Objects: items of information related to a company
Company dataset (CD): contains objects related to a single company; written CD(O)
Conflict of interest class (COI): contains datasets of companies in competition; written COI(O)
Assume: each object belongs to exactly one COI class
How Information Flows
Definition: information may flow from o to o′ if there is a subject s such that H(s, o) and H(s, o′).
Intuition: if s can read two objects, it can act on that knowledge; so information flows between the objects through the nexus of the subject
Write the above situation as (o, o′)
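The flow definition above, worked through as an added example (not part of the original slides): it derives the flow pairs from an access history, then chains them to expose indirect flows between competing company datasets, which goes one step beyond the definition given here. The object names, subjects and history are constructed, and H(s, o) is assumed to mean "s has read o", following the intuition line.

```python
from itertools import combinations

# Constructed sample labels: object -> (COI class, company dataset)
LABELS = {
    "bankA_plan":  ("banks", "BankA"),
    "bankA_audit": ("banks", "BankA"),
    "bankB_plan":  ("banks", "BankB"),
    "oilX_report": ("oil",   "OilX"),
}

# Constructed history H as (subject, object) pairs.
# Assumption: H(s, o) means "s has read o".
HISTORY = {
    ("alice", "bankA_plan"), ("alice", "bankA_audit"), ("alice", "oilX_report"),
    ("bob", "oilX_report"), ("bob", "bankB_plan"),
}

def COI(o):
    return LABELS[o][0]

def CD(o):
    return LABELS[o][1]

def direct_flows(history):
    """All pairs (o, o') for which some subject s has H(s, o) and H(s, o')."""
    by_subject = {}
    for s, o in history:
        by_subject.setdefault(s, set()).add(o)
    flows = set()
    for objs in by_subject.values():
        for a, b in combinations(sorted(objs), 2):
            flows.update({(a, b), (b, a)})  # the condition is symmetric in o, o'
    return flows

def closure(flows):
    """Transitive closure: potential indirect flows through chains of subjects."""
    result = set(flows)
    changed = True
    while changed:
        new = {(a, d) for a, b in result for c, d in result if b == c and a != d}
        changed = not new <= result
        result |= new
    return result

def conflicts(flows):
    """Flows that join different company datasets inside one COI class."""
    return {(a, b) for a, b in flows if COI(a) == COI(b) and CD(a) != CD(b)}
```

Neither subject alone has read two competing datasets, so `conflicts(direct_flows(HISTORY))` is empty, yet the closure links BankA and BankB objects through the shared `oilX_report`; this is the passing-along that the write control in the Organization list is meant to prevent.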