Affordable Access

Publisher Website

Lattice-based enforcement of Chinese Walls

Authors
Journal
Computers & Security
0167-4048
Publisher
Elsevier
Publication Date
Volume
11
Issue
8
Identifiers
DOI: 10.1016/0167-4048(92)90131-a
Keywords
  • Chinese Wall Policy
  • Lattice Model
  • Bell-Lapadula Model
Disciplines
  • Mathematics

Abstract

Abstract The Chinese Wall policy was identified and so named by Brewer and Nash. This policy arises in the financial segment of the commercial sector, which provides consulting services to other companies. Consultants naturally have to deal with confidential company information for their clients. The objective of the Chinese Wall policy is to prevent information flows which cause conflict of interest for individual consultants. Brewer and Nash develop a mathematical model of the Chinese Wall policy, on the basis of which they claim that this policy “cannot be correctly represented by a Bell-LaPadula model.” In this paper we demonstrate that the Brewer-Nash model is too restrictive to be employed in a practical system. This is due to their treatment of users and subjects as synonymous concepts, with the consequence that they do not distinguish security policy as applied to human users versus security policy as applied to computer subjects. By maintaining a careful distinction between users, principals and subjects, we show that the Chinese Wall policy is just another lattice-based information policy which can be easily represented within the Bell-LaPadula framework.

There are no comments yet on this publication. Be the first to share your thoughts.