22 citations found.
David F. C. Brewer and Michael J. Nash. The Chinese wall security policy. In Proceedings of the IEEE Symposium on Security and Privacy, pages 206--214, 1989.


This paper is cited in the following contexts:
Delegation Logic: A Logic-based Approach to Distributed Authorization - Li (2000) (21 citations)

....should not be completed by a single subject. This implies that any single subject should not have all the access rights required for such a transaction. When this principle is enforced, collusion among subjects is needed for fraud to take place. Chinese Wall policy The Chinese Wall policy [15] can be viewed as a kind of dynamic separation of duty. In the Chinese Wall policy, data objects are grouped into datasets, and datasets are grouped into conflict of interest classes. If a user accesses an object in one dataset, he cannot access any object in other datasets in the same ....

David F. C. Brewer and Michael J. Nash, "The Chinese Wall Security Policy," in Proceedings of the 1989.


Access Control by Tracking Shallow Execution History - Fong (2003) (2 citations)

....et al. Instead of following their proposal, and classify security policies by constraining computational resources available to the execution monitor, security policies are characterized by the kind of information that needs to be tracked by the execution monitors. Consider the Chinese Wall policy [6, 10, 11], a commercial policy for preventing accesses leading to conflict of interests. As observed by Brewer and Nash in their original formulation of the policy, successful enforcement of the Chinese Wall policy only requires the maintenance of a shallow access history of previously granted access ....

....in this class are recognizable by shallow history automata (SHA), expressiveness of which is provably more restrictive than that of Buchi like security automata. Surprisingly, it is still possible to express a wide range of well known and realistic security policies with SHA: Chinese Wall policy [6], low water mark policy [4], one out of k authorization [7], assured pipelines [5, 14], etc. This demonstrates that it is indeed possible to define meaningful classes of security policies by constraining information accessible to execution monitors. Motivated by the above success, the state ....

David F. C. Brewer and Michael J. Nash. The Chinese Wall security policy. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 206--214, Oakland, California, May 1989. Also available at http://www.gammassl.co.uk/topics/chinesewall.html.


A Role and Context Based Security Model - Beresnevichiene (2003) (2 citations)

....to access at most one set of data within that class. The above specification of object based SoD is useful for simulating properties of the Chinese Wall policy in role based access control. In the next section we describe this policy by adapting the description presented by Brewer and Nash [BN 89]. We then proceed to define object based SoD constraints. 4.5.1 Chinese Walls To describe the Chinese Wall policy it is necessary that all corporate information is stored in a hierarchical order with three levels of significance: 1. at the lowest level there are individual items of ....

David F.C. Brewer, Michael J. Nash. The Chinese Wall Security Policy. In Proceedings of IEEE Symposium on Security and Privacy, 1989.


Types and Effects for Non-Interfering Program - Bauer, Ligatti, Walker (2002)

....himself. However, modular design principles suggest we should leave the code of the initial policy alone and create a separate module (policy) to handle the details of authentication and the extended privileges. Disjunctive policies also provide a convenient way to create Chinese wall policies [BN89]. A Chinese wall policy allows the target to choose from one of many possible policies. However, when one policy is chosen the others become unavailable. For example, when designing a browser policy, we might expect two different sorts of applets. One sort of applet acts like a proxy for a ....

David Brewer and Michael Nash. The Chinese wall security policy. In IEEE Symposium on Security and Privacy, pages 206--214, Oakland, May 1989.


Design of a Role-based Trust-management Framework - Li, Mitchell, Winsborough (36 citations)

....are being activated, which can be expected to be available when processing access requests. A second desirable feature would enable authorization to depend on state information, such as history or environment data. For instance, history information is needed to implement the Chinese Wall policy [6]. Policies representing such policies often result in unsafe Datalog rules. We plan to address this by distinguishing a class of request processing rules that are used only in connection with a specific request. When the request is made, it supplies values for all variables in the ....

David F.C. Brewer and Michael J. Nash. The chinese wall security policy. In Proceedings of the 1989.


A Calculus for Composing Security Policies - Bauer, Ligatti, Walker (2002) (4 citations)

....himself. However, modular design principles suggest we should leave the code of the initial policy alone and create a separate module (policy) to handle the details of authentication and the extended privileges. Disjunctive policies also provide a convenient way to create Chinese wall policies [BN89]. A Chinese wall policy allows the target to choose from one of many possible policies. However, when one policy is chosen the others become unavailable. For example, when designing a browser policy, we might expect two different sorts of applets. One sort of applet acts like a proxy for a ....

David Brewer and Michael Nash. The Chinese wall security policy. In IEEE Symposium on Security and Privacy, pages 206--214, Oakland, May 1989.


Delegation Logic: A Logic-based Approach to Distributed Authorization - Li (2000) (21 citations)

....should not be completed by a single subject. This implies that any single subject should not have all the access rights required for such a transaction. When this principle is enforced, collusion among subjects is needed for fraud to take place. Chinese Wall policy The Chinese Wall policy [15] can be viewed as a kind of dynamic separation of duty. In the Chinese Wall policy, data objects are grouped into datasets, and datasets are grouped into conflict of interest classes. If a user accesses an object in one dataset, he cannot access any object in other datasets in the same ....

David F. C. Brewer and Michael J. Nash, "The Chinese Wall Security Policy," in Proceedings of the 1989 IEEE Symposium on Security and Privacy, pp. 206--218, IEEE Computer Society Press, Los Alamitos, CA, 1989.


A typed access control model for CORBA - Brose (2000) (3 citations)

....support like documentation, structuring, type safety, reuse, and enhanced communication between developers and administrators. An interesting aspect of this work is that providing a usable and manageable environment has implications for the underlying access model. Existing access control models [HRU76, San92, BN89], which have been designed to make certain safety properties tractable or to allow certain classes of security policies that were not expressible in other models, either do not apply well to CORBA or do not support high level language constructs that help writing specifications. The contributions ....

....service, thereby inserting views into or removing views from access matrix entries. 2. Automatic granting or revocation is performed implicitly by the security service. This occurs when operations are invoked that were defined as triggers in an application specific policy such as Chinese Wall [BN89]. 3. Delegation occurs implicitly during the course of an operation invocation when the target object delegates the call to another object. This might require to pass on security attributes of the caller, such as role membership certificates. A number of different delegation policies are possible ....

[Article contains additional citation context not shown here]

David Brewer and Michael Nash. The chinese wall security policy. In IEEE Symposium on Security and Privacy, pages 206-214, 1989.


Privacy And Accountability In Certificate Systems - Aura, Ellison (2000) (2 citations)

....certificates mirror organization structures and business processes. Hence, if one uses a credential issued by one business associate to do business with another one, there is a danger of confidential information being leaked. This seems to lead to the extension of the Chinese Wall security policy [6] from the sharing of information to the sharing of access credentials. Such limitations are obviously too inflexible for many applications and we must look for other ways of alleviating the privacy problems. Another advanced feature supported by SPKI is the threshold certificate (Fig. 2(a)). It ....

David F. C. Brewer and Michael J. Nash. The Chinese wall security policy. In Proc. 1989 IEEE Symposium on Research in Security and Privacy, pages 206--214, Oakland, CA USA, May 1989. IEEE Computer Society Press.


Design, Implementation and Performance of Protection in the.. - Vochteloo (1998)

....to an append only log to record their actions. C5 No TPs must act on spurious data. E4 Only the agent authorised to do certification can change the list E2. 2.2.4 Chinese Wall The prevention of conflicts of interest is of some importance in a business environment. The Chinese Wall policy [BN89] is designed for exactly that purpose. In fact, the Chinese Wall security policy is enforced by law for the stock exchange or other corporate dealings [Cor89]. The policy partitions files into conflict classes. Two objects are in the same conflict class if knowledge of both would be construed as ....

David F.C Brewer and Michael J. Nash. The Chinese Wall security policy. In Proceedings of the Symposium on Security and Privacy, May 1989.


Assurance in the Fluke Microkernel Final Report - Contract No Mda

....policy, the current security server exercises all of the major interfaces of the security architecture. However, it may still be valuable to further validate that the current set of policy interfaces are sufficient by implementing other policies with dynamic characteristics, such as a Chinese Wall [3] or ORCON [8] policy. More Flexible Access Vector Cache Interfaces The current interface to the access vector cache allows the security server to perform the basic services of granting and revoking permissions. However, these interfaces also have a potentially limited flexibility in how they ....

David F. C. Brewer and Michael J. Nash. The Chinese wall security policy. In IEEE Symposium on Security and Privacy, pages 206--214, Oakland, CA, May 1989.


Distributed Access-Rights Management with Delegation Certificates - Aura (12 citations)

....Another limitation is that the certificates can only convey policies where the rights of the entities grow monotonically as they acquire new certificates. It is impossible to verify that someone does not have a certificate. Consequently, separation of duty policies like the Chinese Wall policy [11] cannot be expressed with only certificates. They need some mechanism for keeping track of the previously granted rights. Moreover, if several distributed issuers give out certificates for different conflicting rights, these issuers must share a single view of the subjects' histories. The histories ....

David F. Brewer and Michael J. Nash. The Chinese wall security policy. In Proc. IEEE Symposium on Research in Security and Privacy, pages 206-214, Oakland, CA, May 1989. IEEE Computer Society Press.


Embedding Security Policies into a Distributed Computing.. - Halfmann, Kühnhauser (1999) (1 citation)

....security requirements. Success in achieving a high level of security in a computer system thus depends on the degree of care put into designing, implementing and verifying its security policies. To that end, a security policy is often formalized or semi formalized in a security model ([BL76, CW87, BN89, San92b, WWK96] and many more). A security model provides a basis for a formal analysis of security properties (such as safety in [HRU76]) [Figure 1: Steps in ....]

David F.C. Brewer and Michael J. Nash. The Chinese Wall Security Policy. In Proceedings of the IEEE Symposium on Security and Privacy, pages 206--214. IEEE Computer Society Press, May 1989.


Developing and Using a "Policy Neutral" Access Control.. - Olawsky, Fine.. (1996) (2 citations)

....While access control policies are appropriate for each of these examples, a different type of access control policy might be desired for each. Policies such as Type Enforcement [3] and Clark Wilson [5] can be used to address integrity concerns. Other policies such as MLS, Chinese Wall [4], and ORCON [10] can be used to address confidentiality concerns. However, no single policy is appropriate for all cases. A second reason for supporting a wide range of policies is that the set of threats against which each site must protect is constantly evolving. Some threats that are of concern ....

David F. C. Brewer and Michael J. Nash. The Chinese wall security policy. In IEEE Symposium on Security and Privacy, pages 206--214, Oakland, CA, May 1989.


A Paradigm For User-Defined Security Policies - Kühnhauser (1995)

....security requirements on our information processing systems. Security policies are now emerging that support the needs of individual organizations and applications, with the Bell LaPadula model (providing confidentiality) being only the first in an ever increasing multitude [BL76, Bib77, CW87, BN89, San92]. As a consequence, the development of application dependent security policies and their integration into distributed systems has become a major challenge in computer security. Several security policies in modern applications address a wide variety of aspects of system security, such as ....

....per se and that make fine grain policy specification and verification more difficult and expensive. A solution to this problem is based on the observation that several well known security policies (as well as our own small example) are specified using algebraic techniques [BL76, Bib77, TW89, BN89]. Algebraic specifications are closely related to the notion of abstract data types (ADTs) [Hoa72, CW85]. This affinity strongly suggests the implementation of security policies as abstract data types: encapsulated collections of data and algorithms. An ADT based implementation of the same policy ....

[Article contains additional citation context not shown here]

David F.C. Brewer and Michael J. Nash. The Chinese Wall Security Policy. In Proceedings of the Symposium on Security and Privacy, pages 206--214. IEEE Computer Society Press, May 1989.


On Paradigms for Security Policies in Multipolicy Environments - Kühnhauser (1995)

....systems has confronted us with higher and more individual security requirements. Security policies have been developed that support the needs of individual applications, with the Bell LaPadula model (providing confidentiality) being only the first example in an ever increasing multitude [BL76, Bib77, CW87, BN89, San92]. In the next decade, the integration of application dependent security policies in a distributed computer system will become a major challenge in computer security. Several security policies in modern application systems address a wide variety of aspects of system security, such as access ....

....design requirements. While the TCSEC does not explicitly mention it, the privacy of the security policy itself is similarly vital: several security policies maintain state information (e.g. the labels of subjects and objects in a multilevel policy, company conflicts in the Chinese Wall policy [BN89, San92], or keys for issuing certificates in a X.509 certification authority [CCI88]) that itself is confidential information. However, while mandatory security policies require a strict enforcement of the separation between an object and its controlling security policy, several discretionary security ....

David F.C. Brewer and Michael J. Nash. The Chinese Wall Security Policy. In Proceedings of the Symposium on Security and Privacy, pages 206--214. IEEE Computer Society, May 1989.


Access Control in Extensible Systems - Grimm, Bershad (1997)

....access control policies allow an organization to define its security terms, and provide no path by which an individual can circumvent security. As security is generally first an organizational, and then an individual, concern, mandatory access control policies have become increasingly important [11, 9, 4]. Domain and type enforcement is mandatory in the sense that it is imposed on all relevant system operations and can only be changed by the security administrator. It is thus an appropriate means to mechanically enforce the security policy of a given environment. DTE's constraints, however, can be ....

....with the same or a higher label. The lattice model, while precise, is not very intuitive or user friendly since access modes are implicit. It is not very flexible since the lattice structure dictates valid access modes. And, it only supports two different access modes, namely read and write [25, 11, 23, 9, 28]. The idea of domain and type enforcement as a more flexible and user friendly alternative to the lattice model is first developed by Boebert and Kain [8]. They introduce the domain and type labels that represent an entity's privileges and access constraints and the access matrix that explicitly ....

David F. C. Brewer and Michael J. Nash. The Chinese Wall Security Policy. In Proceedings of the 1989 IEEE Symposium on Security and Privacy, pages 206--214, Oakland, California, May 1989.


A Framework to Support Multiple Security Policies - Kühnhauser, Ostrowski (1995)

....of the 7th Annual Canadian Computer Security Symposium, Ottawa, Canada 1995. Canadian System Security Centre, Communications Security Establishment, Ottawa, Canada. the Bell LaPadula model (providing confidentiality) being only the first in an ever-increasing multitude [BL76, Bib77, CW87, BN89, San92a]. As a consequence, the integration of application dependent security policies into a distributed multipolicy computer system has become a major challenge for computer security. Several security policies in modern application systems address a wide variety of aspects of system security, ....

....Policy This chapter demonstrates the use of the formal framework for describing a security policy in terms of a family language, integrating it into the trusted computing base of a computer system and glueing it together with an application system. As an example, we chose the Chinese Wall policy [BN89, San92b]. The Chinese Wall policy is a commercial security policy found in companies providing financial consulting services to other, generally competing companies. While the policy allows a market analyst to access the data of companies that are not in competition with each other, the objective ....

[Article contains additional citation context not shown here]

David F.C. Brewer and Michael J. Nash. The Chinese Wall Security Policy. In Proceedings of the Symposium on Security and Privacy, pages 206--214. IEEE Computer Society, May 1989.


Consumable Credentials in Logic-Based Access Control - Bauer, Bowers, Pfenning.. (2006)

No context found.

David F. C. Brewer and Michael J. Nash. The Chinese wall security policy. In Proceedings of the IEEE Symposium on Security and Privacy, pages 206--214, 1989.


A New Approach to Mobile Code Security - Wallach (1999) (21 citations)

No context found.

David F. C. Brewer and Michael J. Nash. The Chinese wall security policy. In Proceedings of the 1989 IEEE Symposium on Security and Privacy, pages 206--214, Oakland, California, May 1989.


Support for Automated Passive Host-Based Intrusion Response - Gehani (2003)

No context found.

David F. Brewer and Michael J. Nash, The Chinese Wall security policy, Proceedings of the IEEE Symposium on Security and Privacy, pages 206-214, Oakland, CA, May 1989.


Access Control by Tracking Shallow Execution History - Fong (2003) (2 citations)

No context found.

David F. C. Brewer and Michael J. Nash. The Chinese Wall security policy. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 206--214, Oakland, California, May 1989. Also available at http://www.gammassl.co.uk/topics/chinesewall.html.


CiteSeer.IST - Copyright Penn State and NEC