Outline for February 2, 1999

1. Greetings and felicitations!
   1. Change in office hours: now TuTh11-12 (this matches what I have on my door)
2. Chinese Wall Policy
   1. Arises as legal defense to insider trading on London stock exchange
   2. Low-level entities are objects; all objects concerning the same corporation form a CD (company dataset); CDs whose corporations are in competition are grouped into COIs (Conflict of Interest classes)
   3. Intuitive goal: keep one subject from reading different CDs in the same COI, or reading one CD and writing to another in same COI
   4. Simple Security Property: Read access granted if the object (a) is in the same CD as an object already accessed by the subject, or (b) is in a CD in an entirely different COI. Assumes correct initialization
   5. Theorems: (1) Once a subject has accessed an object, only other objects in that CD are available within that COI; (2) subject has access to at most 1 dataset in each COI class
   6. Exceptions: sanitized information
   7. * Property: Write access is permitted only if (a) read access is permitted by the simple security property; and (b) no object in a different CD in that COI can be read, unless it contains sanitized information
   8. Comparison to BLP: (1) ability to track history; (2) in CW, subjects choose which objects they can access but not in BLP; (3) CW requires both mandatory and discretionary parts, BLP is mandatory only.
3. ORCON
   1. Originator controls distribution
   2. DAC, MAC inadequate
   3. Solution is combination
4. Role-based Access Control (RBAC)
   1. Definition of role
   2. Partitioning as job function
   3. Discuss Data General model