• Summary
• Related Documents
  • Active Bibliography
  • Co-citation
• Version History

Popular Tags

No tags have been applied to this document.

Add a tag:

BibTeX | Add To MetaCart

@INPROCEEDINGS{Sandhu92alattice,
    author = {Ravi S. Sandhu},
    title = {A lattice interpretation of the Chinese Wall policy},
    booktitle = {In Proceedings of the 15th NIST-NCSC National Computer Security Conference},
    year = {1992},
    pages = {221--235}
}

Years of Citing Articles

Abstract:

Abstract The Chinese Wall policy was identified and so named by Brewer and Nash [2]. This policy arises in the segment of the commercial sector which provides consulting services to other companies. Consultants naturally have to deal with confidential company information for their clients. The objective of the Chinese Wall policy is to prevent information flows which cause conflict of interest for individual consultants. Brewer and Nash develop a mathematical model of the Chinese Wall policy, on the basis of which they claim that this policy "cannot be correctly represented by a Bell-LaPadula model." In this paper we demonstrate that the Brewer-Nash model is too restrictive to be employed in a practical system. This is due to their treatment of users and subjects as synonymous concepts, with the consequence that they do not distinguish security policy as applied to human users versus security policy as applied to computer subjects. By maintaining a careful distinction between users, principals and subjects, we show that the Chinese Wall policy is just another lattice-based information policy which can be easily represented within the Bell-LaPadula framework. 1

Citations