Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - © 2018 Colorado State University
CS 556 – Computer Security
Spring 2018
Dr. Indrajit Ray
Email: [email protected]
Department of Computer Science
Colorado State University
Fort Collins, CO 80523, USA
CHINESE WALL MODEL
● CHINESE WALL MODEL
● BREWER NASH MODEL FOR CHINESE WALL POLICY
● BREWER NASH MODEL DISCUSSION
● CHINESE WALL POLICY AS INSTANCE OF LBAC
Chinese Wall Policy
● Arises in the financial segment of the commercial sector, which
provides consulting services to other companies
● Consultants have to deal with confidential company information
for their clients
● Objective of the Chinese Wall policy is to prevent information
flows that cause a conflict of interest for individual consultants
Chinese Wall Policy
● Example of a commercial security policy for confidentiality
● Mixture of free choice (discretionary) and mandatory controls
● Requires some kind of dynamic labeling
● Brewer-Nash model (1989) for Chinese Wall policy
✦ Claim that the Chinese Wall policy cannot be represented
correctly by a lattice based model
Chinese Wall Policy
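[Figure: object hierarchy. All Objects are divided into Conflict of Interest Classes (BANKS, Oil Companies); each class contains Company Datasets (A, B for BANKS; X, Y for Oil Companies); each company dataset contains Individual Objects.]
A consultant can access information about at most one company in each conflict of interest class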
BREWER NASH MODEL FOR CHINESE WALL POLICY
BN Simple Security – Read Access
● Subject S can read object O only if
✦ Object O is in the same company dataset as some object O′,
previously read by subject S (that is O is within the wall), OR
✦ Object O belongs to a conflict of interest class within which
subject S has not yet read any object (that is O is in the
open)
BN * Property – Write Access
● Subject S can write object O only if
✦ Subject S can read object O by the simple security rule,
AND
✦ No object, O′, can be read which is in a different company
dataset to the one for which write access is required
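The two Brewer-Nash rules above as a small reference monitor, added here as an illustration and not taken from the lecture notes. The object names and the `Subject`, `can_read`, `can_write`, `read` and `trojan_channel_open` helpers are hypothetical, and "can be read" in the * property is interpreted as "is already in the subject's read history".

```python
# Added illustration of the BN simple security rule and * property.
# Object names are constructed; the hierarchy follows the slide figure:
# object -> (conflict of interest class, company dataset).
OBJECTS = {
    "bankA_ledger": ("BANKS", "Bank A"),
    "bankA_memo": ("BANKS", "Bank A"),
    "bankB_ledger": ("BANKS", "Bank B"),
    "oilX_survey": ("OIL", "Oil Company X"),
    "oilY_survey": ("OIL", "Oil Company Y"),
}


class Subject:
    """Hypothetical subject that remembers every object it has read."""

    def __init__(self, name):
        self.name = name
        self.history = set()

    def datasets(self):
        """(COI class, company dataset) pairs inside this subject's wall."""
        return {OBJECTS[o] for o in self.history}


def can_read(subject, obj):
    """BN simple security: O is within the wall, or its COI class is open."""
    coi, company = OBJECTS[obj]
    companies_read = {c for k, c in subject.datasets() if k == coi}
    return company in companies_read or not companies_read


def can_write(subject, obj):
    """BN * property. Assumption: "can be read" means "has been read"."""
    if not can_read(subject, obj):
        return False
    target = OBJECTS[obj]
    # Any previously read object from another dataset blocks the write.
    return all(ds == target for ds in subject.datasets())


def read(subject, obj):
    """Perform a read if allowed and record it in the history."""
    if not can_read(subject, obj):
        return False
    subject.history.add(obj)
    return True


def trojan_channel_open():
    """Replay the Alice/Bob scenario: can either one write Oil Company X?"""
    alice, bob = Subject("Alice"), Subject("Bob")
    for s, bank in ((alice, "bankA_ledger"), (bob, "bankB_ledger")):
        read(s, bank)
        read(s, "oilX_survey")
    return can_write(alice, "oilX_survey") or can_write(bob, "oilX_survey")


if __name__ == "__main__":
    alice = Subject("Alice")
    print(read(alice, "bankA_ledger"))       # first read in BANKS
    print(can_read(alice, "bankB_ledger"))   # same COI class, other company
    print(can_write(alice, "bankA_memo"))    # only Bank A inside the wall
    print(read(alice, "oilX_survey"))        # OIL class was still open
    print(can_write(alice, "bankA_memo"))    # two datasets read: no writes
    print(trojan_channel_open())
```

Once a subject has read from two company datasets it loses write access everywhere, which is why the shared Oil Company X objects cannot be used as an intermediary.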
Reason for BN * Property
[Figure: Alice's Wall contains Bank A and Oil Company X; Bob's Wall contains Bank B and Oil Company X.]
Cooperating Trojan horses can transfer Bank A information to Bank B objects, and vice versa, using Oil Company X objects as intermediaries
BREWER NASH MODEL DISCUSSION
Implication of BN * Property
● Either
✦ Subject S cannot write at all
● Or
✦ Subject S is limited to reading and writing one company
dataset
Dynamic Aspect of Chinese Wall
● A fresh new consultant hire can access information about any
company in the database
✦ Thus he/she can start at any level
● As the new hire advances, he/she acquires more information
✦ With BN model therefore we have to have a different
consultant for every company dataset
Why This Impasse?
● Failure to clearly distinguish user labels from subject labels
✦ Users should be trusted
✦ Subjects can contain Trojan Horses so cannot be trusted
Users, Principals and Subjects
[Figure: a USER is linked to PRINCIPAL 1, PRINCIPAL 2, ..., PRINCIPAL n; the boxes attached to the principals are labelled "PRINCIPAL 1's SUBJECTS".]
Users, Principals and Subjects
● A principal is basically a login session
● A user is essentially a collection of principals
● A subject is basically a process running on behalf of the principal
✦ A principal can be a collection of several subjects
Users, Principals and Subjects
[Figure: the USER Alice and her PRINCIPALS, labelled Alice.novice, Alice.BANK A, Alice.OIL COMPANY X, and "Alice.BANK A Alice.OIL COMPANY X".]
CHINESE WALL POLICY AS INSTANCE OF LBAC
Chinese Wall Lattice
● To properly understand and enforce information security policies
we must distinguish between
✦ policy applied to user and
✦ policy applied to principals and subjects
● The Brewer-Nash star property should apply to Alice’s principals,
not to Alice the user
● A lattice implementation of Chinese Wall should allow dynamic
creation of principals rather than dynamic labelling of subjects
Chinese Wall Lattice
● We have to define
✦ The set of security classes
✦ The security class combining operator
✦ The can-flow relation
● Achieved with the help of 9 Axioms
Axioms 1 and 2
● Axiom 1:
✦ There are “n” conflict of interest classes $COI_1, COI_2, \ldots, COI_n$
● Axiom 2:
✦ Each conflict of interest class $COI_i$ consists of $m_i$ companies
■ That is $COI_i = \{1, 2, \ldots, m_i\}$
Axiom 3
● Labels for Objects
✦ Label each object in the system with the companies from
which it contains information. Obviously an object cannot
contain information from two companies from the same
conflict of interest class
● A security label is an “n” element vector $[i_1, i_2, \ldots, i_n]$, where
each $i_k \in COI_k$ or $i_k = \bot$ (null)
✦ $LABELS = \{[i_1, i_2, \ldots, i_n] \mid i_1 \in COI'_1, \ldots, i_n \in COI'_n\}$, where
$COI'_1 = COI_1 \cup \{\bot\}, \ldots, COI'_n = COI_n \cup \{\bot\}$
Axiom 3 – Illustration
● Example
✦ Assume 5 different COI classes
✦ An object which contains information only from company #4
in $COI_3$ will be labeled by the vector [⊥, ⊥, 4, ⊥, ⊥]
● Note
✦ A label which has all ⊥ elements corresponds to public
information
Axiom 4
● Special label for system high
✦ EXTLABELS = LABELS ∪ {SYSHIGH}
Axiom 5
● Dominance relation among labels
✦ Let $l_j[i_k]$ represent the $i_k$th element of label $l_j$
✦ $(\forall l_p, l_q \in LABELS)[l_p \geq l_q \iff \forall i_k = 1, \ldots, n \; ((l_p[i_k] = l_q[i_k]) \lor (l_q[i_k] = \bot))]$
✦ That is $l_p$ dominates $l_q$ provided that $l_p$ and $l_q$ agree
wherever $l_q \neq \bot$
Axiom 5 - Examples
● [1,3,2] is a label for an object with information from company #1
in $COI_1$, company #3 in $COI_2$ and company #2 in $COI_3$
● [1,3,⊥] is a label for an object with information from company #1
in $COI_1$, company #3 in $COI_2$ and no information from any
company in $COI_3$
● [1,3,2] > [1,3,⊥]
Axiom 5 - More Examples
● [1,3,1] > [⊥,⊥,1]
● [⊥,3,⊥] and [⊥,2,⊥] are incomparable (that is, neither dominates
the other)
Axiom 6
● To account for system high
✦ (∀l ∈ EXTLABELS)[SYSHIGH ≥ l]
✦ That is SYSHIGH dominates all other labels
Axiom 7
● Compatible labels
✦ $l_p, l_q \in LABELS$ are compatible iff $(\forall k = 1, \ldots, n)[(l_p[i_k] = l_q[i_k]) \lor (l_p[i_k] = \bot) \lor (l_q[i_k] = \bot)]$
✦ Intuitively information from compatible incomparable classes
can be combined without violating the Chinese Wall policy
Axiom 7 Example
● [⊥,3,⊥] and [⊥,2,⊥] are incompatible
✦ They are also incomparable
● [1,⊥,2] and [1,2,⊥] are compatible
✦ They are incomparable, though
● [1,3,1] and [⊥,⊥,1] are compatible
✦ They are also comparable
✦ By definition comparable labels are compatible
Axiom 8
● Class combining (or ⊕) operation
✦ Compatible labels are combined as follows: if $l_p$ is
compatible with $l_q$ then $l_p \oplus l_q = l_s$, where
$$l_s[i_k] = \begin{cases} l_p[i_k] & \text{if } l_p[i_k] \neq \bot \\ l_q[i_k] & \text{otherwise} \end{cases}$$
Axiom 8 (continued)
● Class combining (or ⊕) operation
✦ Incompatible classes are combined as follows: if $l_p$ is
incompatible with $l_q$ then $l_p \oplus l_q = SYSHIGH$
✦ If $l_p \geq l_q$ then $l_p \oplus l_q = l_p$
✦ If $l_q \geq l_p$ then $l_p \oplus l_q = l_q$
Axiom 8 Example
● [1,⊥,2] is compatible with [1,2,⊥]
✦ [1,⊥,2] ⊕ [1,2,⊥] = [1,2,2]
● [1,2,⊥] ≥ [1,⊥,⊥]
✦ [1,2,⊥] ⊕ [1,⊥,⊥] = [1,2,⊥]
Axiom 9
● Class combining with respect to SYSHIGH
✦ (∀l ∈ EXTLABELS)[l ⊕ SYSHIGH = SYSHIGH]
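Axioms 3 to 9 carried out in code, as an added example that is not part of the lecture notes: labels are tuples with `None` standing for ⊥, and the function names (`dominates`, `compatible`, `combine`, `ext_labels`, `is_least_upper_bound`) are hypothetical. It goes one step beyond the slides by checking exhaustively that ⊕ returns the least upper bound of every pair of labels.

```python
from itertools import product

BOT = None           # stands for ⊥: no information from this COI class
SYSHIGH = "SYSHIGH"  # Axiom 4: the extra top element of EXTLABELS


def dominates(lp, lq):
    """Axioms 5 and 6: True when lp >= lq (labels have equal length)."""
    if lp == SYSHIGH:
        return True
    if lq == SYSHIGH:
        return False
    # lp must agree with lq wherever lq is not ⊥.
    return all(b is BOT or a == b for a, b in zip(lp, lq))


def compatible(lp, lq):
    """Axiom 7: no COI class where the two labels name different companies."""
    return all(a == b or a is BOT or b is BOT for a, b in zip(lp, lq))


def combine(lp, lq):
    """Axioms 8 and 9: the class-combining operator ⊕."""
    if SYSHIGH in (lp, lq) or not compatible(lp, lq):
        return SYSHIGH
    return tuple(a if a is not BOT else b for a, b in zip(lp, lq))


def ext_labels(coi_sizes):
    """Axioms 1 to 4: enumerate EXTLABELS for COI classes of these sizes."""
    choices = [[BOT] + list(range(1, m + 1)) for m in coi_sizes]
    return [tuple(v) for v in product(*choices)] + [SYSHIGH]


def is_least_upper_bound(labels):
    """Check that combine(a, b) is the least upper bound for every pair."""
    for a in labels:
        for b in labels:
            j = combine(a, b)
            if not (dominates(j, a) and dominates(j, b)):
                return False  # not an upper bound
            for u in labels:
                if dominates(u, a) and dominates(u, b) and not dominates(u, j):
                    return False  # some upper bound sits below j
    return True


if __name__ == "__main__":
    # Examples from the Axiom 5, 7 and 8 slides.
    print(dominates((1, 3, 2), (1, 3, BOT)))
    print(compatible((BOT, 3, BOT), (BOT, 2, BOT)))
    print(combine((1, BOT, 2), (1, 2, BOT)))
    print(combine((BOT, 3, BOT), (BOT, 2, BOT)))
    # Two COI classes with two companies each.
    lattice = ext_labels([2, 2])
    print(len(lattice), is_least_upper_bound(lattice))
```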
Example of a Chinese Wall Lattice
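[Figure: Chinese Wall lattice for two conflict of interest classes with two companies each. SYSHIGH is at the top; below it are [1, 1], [1, 2], [2, 1], [2, 2]; below those are [1, ⊥], [⊥, 1], [⊥, 2], [2, ⊥]; [⊥, ⊥] is at the bottom.]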
Assigning Labels to Users
● The label of a user is a high water mark that can float up in the
Chinese Wall lattice starting with [⊥, ⊥, . . ., ⊥]
● With each user a set of principals is associated, one at each
label dominated by a user’s label
✦ For example if Alice, the user, has a label [1, 2], then Alice
has the following set of principals: Alice.[1, ⊥], Alice.[⊥, 2]
and Alice.[⊥, ⊥]
✦ Alice can log in as any one of these principals at any given
time.