hybrid policies
DESCRIPTION
Hybrid Policies. CS691 – Chapter 7 of Matt Bishop. Chinese Wall Model. It describes policies that prevent conflict of interest. Examples in British Law, provide defense against criminal charges. Stock Exchange and Investment house. Prevent traders represents clients with conflict interest. - PowerPoint PPT PresentationTRANSCRIPT
1cs691 chow
Hybrid PoliciesHybrid Policies
CS691 – Chapter 7 of Matt Bishop
2cs691 chow
Chinese Wall ModelChinese Wall Model
It describes policies that prevent conflict of interest. Examples
in British Law, provide defense against criminal charges. Stock Exchange and Investment house. Prevent traders
represents clients with conflict interest. Definition 7-1. The objects of the database are items of information
related to a company. Definition 7-2. A company dataset (CD) contains objects related to
a single company. Definition 7-3. A conflict of interest (COI) class contains the
datasets of companies in competition. Let COI(O) represent the COI class that contains object 0, and let
CD(O) be the company dataset that contains object 0. The model assumes that each object belongs to exactly one COI class.
It describes policies that prevent conflict of interest. Examples
in British Law, provide defense against criminal charges. Stock Exchange and Investment house. Prevent traders
represents clients with conflict interest. Definition 7-1. The objects of the database are items of information
related to a company. Definition 7-2. A company dataset (CD) contains objects related to
a single company. Definition 7-3. A conflict of interest (COI) class contains the
datasets of companies in competition. Let COI(O) represent the COI class that contains object 0, and let
CD(O) be the company dataset that contains object 0. The model assumes that each object belongs to exactly one COI class.
3cs691 chow
CD and COICD and COI
4cs691 chow
CW-Simple Security ConditionCW-Simple Security Condition
Consider temporal element. After accessing Bank of America, Anthony should not transfer to work on Cityband’s profolio.
PR(S) is the set of objects that S has read. CW-Simple Security Condition, Preliminary
Version: S can read 0 if and only if either of the following is true.1. There is an object O' such that S has accessed O'
and CD(O') = CD(O).2. For all objects O’, O’ PR(S) COI(O') COI(O).
Initially, PR(S) = 0, and the initial read request is assumed to be granted.
Consider temporal element. After accessing Bank of America, Anthony should not transfer to work on Cityband’s profolio.
PR(S) is the set of objects that S has read. CW-Simple Security Condition, Preliminary
Version: S can read 0 if and only if either of the following is true.1. There is an object O' such that S has accessed O'
and CD(O') = CD(O).2. For all objects O’, O’ PR(S) COI(O') COI(O).
Initially, PR(S) = 0, and the initial read request is assumed to be granted.
5cs691 chow
Consider Sanitized DataConsider Sanitized Data
In practice, companies have information they can release publicly, such as annual stockholders' reports and filings before government commissions. The Chinese Wall model should not consider this information restricted, because it is available to all. Hence, the model distinguishes between sanitized data and unsanitized data; the latter falls under the CW-simple security condition, preliminary version, whereas the former does not. The CW-simple security condition can be reformulated to include this notion.
CW-Simple Security Condition: S can read 0 if and only if any of the following holds.1. There is an object O' such that S has accessed O' and CD(O')
= CD(O).2. For all objects O', O' PR(S) COI(O') COI(O). 3. O is a sanitized object.
In practice, companies have information they can release publicly, such as annual stockholders' reports and filings before government commissions. The Chinese Wall model should not consider this information restricted, because it is available to all. Hence, the model distinguishes between sanitized data and unsanitized data; the latter falls under the CW-simple security condition, preliminary version, whereas the former does not. The CW-simple security condition can be reformulated to include this notion.
CW-Simple Security Condition: S can read 0 if and only if any of the following holds.1. There is an object O' such that S has accessed O' and CD(O')
= CD(O).2. For all objects O', O' PR(S) COI(O') COI(O). 3. O is a sanitized object.
6cs691 chow
CW-*-PropertyCW-*-Property
Suppose Anthony and Susan work in the same trading house. Anthony can read objects in Bank of America's CD, and Susan can read objects in Citibank's CD. Both can read objects in ARCO's CD. If Anthony can also write to objects in ARCO's CD, then he can read information from objects in Bank of America's CD and write to objects in ARCO's CD, and then Susan can read that information; so, Susan can indi rectly obtain information from Bank of America's CD, causing a conflict of interest. The CW-simple security condition must be augmented to prevent this.
CW-*-Property: A subject S may write to an object 0 if and only if both of the following conditions hold.
1. The CW-simple security condition permits S to read O.2. For all unsanitized objects O S can read 0' CD(O') = CD(O).
In the example above, Anthony can read objects in both Bank of America's CD and ARCO's CD. Thus, condition 1 is met. However, assuming that Bank of America's CD contains unsanitized objects (a reasonable assumption), then because Anthony can read those objects, condition 2 is false. Hence, Anthony cannot write to objects in ARCO's CD.
Suppose Anthony and Susan work in the same trading house. Anthony can read objects in Bank of America's CD, and Susan can read objects in Citibank's CD. Both can read objects in ARCO's CD. If Anthony can also write to objects in ARCO's CD, then he can read information from objects in Bank of America's CD and write to objects in ARCO's CD, and then Susan can read that information; so, Susan can indi rectly obtain information from Bank of America's CD, causing a conflict of interest. The CW-simple security condition must be augmented to prevent this.
CW-*-Property: A subject S may write to an object 0 if and only if both of the following conditions hold.
1. The CW-simple security condition permits S to read O.2. For all unsanitized objects O S can read 0' CD(O') = CD(O).
In the example above, Anthony can read objects in both Bank of America's CD and ARCO's CD. Thus, condition 1 is met. However, assuming that Bank of America's CD contains unsanitized objects (a reasonable assumption), then because Anthony can read those objects, condition 2 is false. Hence, Anthony cannot write to objects in ARCO's CD.