Outline for May 12, 2005
-
Chinese Wall Policy
-
Arises as legal defense to insider trading on London stock exchange
-
Low-level entities are objects; all objects concerning the same corporation form a CD (company dataset); CDs whose corporations are in competition are grouped into COIs (Conflict of Interest classes)
-
Intuitive goal: keep one subject from reading different CDs in the same COI, or reading one CD and writing to another in same COI
-
Simple Security Property: Read access granted if the object (a) is in the same CD as an object already accessed by the subject, or (b) is in a CD in an entirely different COI. Assumes correct initialization
-
Theorems: (1) Once a subject has accessed an object, only other objects in that CD are available within that COI; (2) subject has access to at most 1 dataset in each COI class
-
Exceptions: sanitized information
-
*-Property: Write access is permitted only if (a) read access is permitted by the simple security property; and (b) no object in a different CD in that COI can be read, unless it contains sanitized information
-
Key result: information can only flow within a CD or from sanitized information
-
Comparison to BLP: (1) ability to track history; (2) in CW, subjects choose which objects they can access but not in BLP; (3) CW requires both mandatory and discretionary parts, BLP is mandatory only.
-
Comparison to Clark-Wilson: specialization of Clark-Wilson
-
CISS
-
Intended for medical records; goals are confidentiality, authentication of annotatorsa and integrity
-
Patients, personal health information, clinician
-
Assumptions and origin of principles
-
Access principles
-
Creation principle
-
Deletion principle
-
Confinement principle
-
Aggregation principle
-
Enforcement principle
-
Comparison to Bell-LaPadula: lattice structure but different focus
-
Comparison to Clark-Wilson: specialization
-
ORCON
-
Originator controls distribution
Here is a PDF version of this document.