ABSTRACT
The Chinese Wall security policy states that information from objects that are to be confidential from one another should not flow to a subject. It addresses conflict of interest, and was first articulated in the well-cited work of Brewer and Nash, which proposes also an enforcement mechanism for the policy. Work subsequent to theirs has observed that their enforcement mechanism is overly restrictive -- authorization states in which the policy is not violated may be rendered unreachable. We present two sets of novel results in this context. In one, we present an enforcement mechanism for the policy that is simple and efficient, and least-restrictive -- an authorization state is reachable if and only if it does not violate the policy. In our enforcement mechanism, the actions of a subject can constrain the prospective actions of another, a trade-off that we show every enforcement mechanism that is least-restrictive must incur. Our other set of results is that the enforcement mechanism of Brewer-Nash is even more restrictive than previous work establishes. Specifically, we show: (1) what is called the *-rule is overspecified in that one of its sub-rules implies the other, and, (2) if a subject is authorized to write to an object that contains confidential information, then all objects that contain confidential information must belong to the same conflict of interest class. Our work sheds new light on what is generally considered to be important work in information security.
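A minimal illustration of the policy stated in the abstract, added here and not taken from the paper: a reference monitor that tracks which datasets' information each subject and object may hold, and denies any read that would bring two datasets of one conflict-of-interest class together at a subject. The class, dataset and object names and the action-based model are assumptions made for the example; this is not the paper's enforcement mechanism.

```python
class ChineseWallMonitor:
    """Flow-tracking monitor (illustrative; all names are hypothetical)."""

    def __init__(self, coi_classes):
        # Each conflict-of-interest class is a set of mutually conflicting datasets.
        self.coi = [frozenset(c) for c in coi_classes]
        # Subject/object name -> datasets whose information it may currently hold.
        self.labels = {}

    def add(self, name, dataset=None):
        self.labels[name] = {dataset} if dataset else set()

    def conflicts(self, datasets):
        # Violation: two distinct datasets from the same COI class held together.
        return any(len(c & datasets) > 1 for c in self.coi)

    def read(self, subject, obj):
        merged = self.labels[subject] | self.labels[obj]
        if self.conflicts(merged):
            return False              # information would flow to the subject
        self.labels[subject] = merged
        return True

    def write(self, subject, obj):
        # The policy constrains flows to subjects, so a write is not denied here;
        # it taints the object, which restricts who may read it afterwards.
        self.labels[obj] |= self.labels[subject]


def demo(alice_writes_memo=True):
    # Constructed sample state: two COI classes, four objects, two subjects.
    m = ChineseWallMonitor([{"BankA", "BankB"}, {"OilC", "OilD"}])
    for obj, ds in [("a_ledger", "BankA"), ("b_ledger", "BankB"),
                    ("c_survey", "OilC"), ("memo", None)]:
        m.add(obj, ds)
    m.add("alice")
    m.add("bob")
    out = [m.read("alice", "a_ledger"),   # allowed
           m.read("alice", "c_survey"),   # allowed: different COI class
           m.read("alice", "b_ledger"),   # denied: BankA and BankB conflict
           m.read("bob", "b_ledger")]     # allowed
    if alice_writes_memo:
        m.write("alice", "memo")          # memo now carries BankA and OilC
    out.append(m.read("bob", "memo"))     # depends on alice's earlier write
    return out


if __name__ == "__main__":
    print(demo(), demo(alice_writes_memo=False))
```

The last decision differs between the two runs: once alice has written to `memo`, bob (who holds BankB) can no longer read it, which is the kind of cross-subject constraint the abstract says a least-restrictive mechanism must incur.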
References
- J. A. Goguen and J. Meseguer. Security policies and security models. In Proceedings of the 1982 IEEE Symposium on Security and Privacy, pages 11--20, 1982.
- J. A. Goguen and J. Meseguer. Unwinding and inference control. In Proceedings of the 1984 IEEE Symposium on Security and Privacy, pages 75--86, 1984.
- Ross Anderson. Security Engineering -- A Guide to Building Dependable Distributed Systems. Wiley, 2008.
- Vijayalakshmi Atluri, Soon Ae Chun, and Pietro Mazzoleni. A Chinese wall security model for decentralized workflow systems. In Proceedings of the 8th ACM Conference on Computer and Communications Security, CCS '01, pages 48--57, New York, NY, USA, 2001. ACM.
- Matt Bishop. Computer Security: Art and Science. Addison-Wesley Professional, Boston, MA, 2003.
- D.F.C. Brewer and M.J. Nash. The Chinese wall security policy. In Proceedings of the IEEE Symposium on Security and Privacy, pages 206--214, May 1989.
- Michael Davis and Andrew Stark, editors. Conflict of Interest in the Professions. Oxford University Press, USA, October 2001.
- Guy Edjlali, Anurag Acharya, and Vipin Chaudhary. History-based access control for mobile code. In Proceedings of the 5th ACM Conference on Computer and Communications Security, CCS '98, pages 38--48, New York, NY, USA, 1998. ACM.
- Robert W. Floyd. Algorithm 97: Shortest path. Commun. ACM, 5(6):345--, June 1962.
- P.W.L. Fong. Access control by tracking shallow execution history. In Proceedings of the 2004 IEEE Symposium on Security and Privacy, pages 43--55, May 2004.
- Dieter Gollmann. Computer Security (3. ed.). Wiley, 2011.
- Sushil Jajodia, Pierangela Samarati, V. S. Subrahmanian, and Eliza Bertino. A unified framework for enforcing multiple access control policies. In Proceedings of the 1997 ACM SIGMOD International Conference on Management of Data, SIGMOD '97, pages 474--485, New York, NY, USA, 1997. ACM.
- Volker Kessler. On the Chinese wall model. In Proceedings of the European Symposium on Research in Computer Security, ESORICS, pages 41--54, 1992.
- Jay Ligatti, Lujo Bauer, and David Walker. Run-time enforcement of nonsafety policies. ACM Trans. Inf. Syst. Secur., 12(3):19:1--19:41, January 2009.
- T.Y. Lin. Chinese wall security policy: an aggressive model. In Proceedings of the Fifth Annual Computer Security Applications Conference, ACSAC, pages 282--289, December 1989.
- Peter Loscocco and Stephen Smalley. Integrating flexible support for security policies into the Linux operating system. In USENIX Annual Technical Conference, FREENIX Track, pages 29--42, 2001.
- Ravi S. Sandhu. Lattice-based enforcement of Chinese walls. Computers & Security, 11(8):753--763, 1992.
- Ravi S. Sandhu. A lattice interpretation of the Chinese wall policy. In Proceedings of the 15th National Computer Security Conference, NISSC, pages 221--235, October 1992.
- Fred B. Schneider. Enforceable security policies. ACM Trans. Inf. Syst. Secur., 3(1):30--50, February 2000.
- Google Scholar. The Chinese wall security policy -- Brewer and Nash, citation count, September 2012. http://scholar.google.ca/scholar?hl=en&q=the+chinese+wall+security+poli%cy&btnG=&as_sdt=1%2C5&as_sdtp=.
- Ann E. Kelley Sobel and Jim Alves-Foss. A trace-based model of the Chinese wall security policy. In Proceedings of the 22nd National Information Systems Security Conference, NISSC, 1999.
- Tien-Hao Tsai, Yen-Chung Chen, Hsiu-Chuan Huang, Pei-Ming Huang, Kuo-Sen Chou, and Kuo-Sen Chou. A practical Chinese wall security model in cloud computing. In Network Operations and Management Symposium (APNOMS), pages 1--4, 2011.
- Stephen Warshall. A theorem on boolean matrices. J. ACM, 9(1):11--12, January 1962.
- Ruoyu Wu, Gail-Joon Ahn, Hongxin Hu, and M. Singhal. Information flow control in cloud computing. In Proceedings of the 6th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), pages 1--7, October 2010.
Index Terms
- Least-restrictive enforcement of the Chinese wall security policy