The Chinese Wall security policy

@article{Brewer1989TheCW,
  title={The Chinese Wall security policy},
  author={D. Brewer and Michael J. Nash},
  journal={Proceedings. 1989 IEEE Symposium on Security and Privacy},
  year={1989},
  pages={206-214}
}
The authors explore a commercial security policy (the Chinese Wall) which represents the behavior required of those persons who perform corporate analysis for financial institutions. It can be distinguished from Bell-LaPadula-like policies by the way that a user's permitted accesses are constrained by the history of his previous accesses. It is shown that the formal representation of the policy correctly permits a market analyst to talk to any corporation which does not create a conflict of…

A Lattice Interpretation Of The Chinese Wall Policy
The Chinese Wall policy was identified and so named by Brewer and Nash [2]. This policy arises in the segment of the commercial sector which provides consulting services to other companies.
Lattice-based enforcement of Chinese Walls
TLDR
It is demonstrated that the Brewer-Nash model of the Chinese Wall policy is too restrictive to be employed in a practical system and can be easily represented within the Bell-LaPadula framework.
Least-restrictive enforcement of the Chinese wall security policy
TLDR
An enforcement mechanism for the Chinese Wall security policy is presented that is simple and efficient, and least-restrictive -- an authorization state is reachable if and only if it does not violate the policy.
Chinese wall security policy-an aggressive model
  • T. Lin
  • Computer Science
  • [1989 Proceedings] Fifth Annual Computer Security Applications Conference
  • 1989
TLDR
A modified Brewer and Nash model without BN-axiom is defined and a new formal model is introduced in which Chinese Walls are built right on the boundary of China-an aggressive model for Chinese Wall security policy.
Mandatory Access Control 8.1 Multi-level Security
    With discretionary access control (DAC) policies, authorization to perform operations on an object is controlled by the object's owner or by principals whose authority can be traced back to that…
    A Trace-based Model of the Chinese Wall Security Policy
    The Chinese Wall security policy is a well known information control policy used in the commercial world to specify control over information when conflicts of interest arise. A trace-based information…
    A Chinese Wall approach to privacy policies for the Web
    • Frans A. Lategan, M. Olivier
    • Business, Computer Science
    • Proceedings 26th Annual International Computer Software and Applications
    • 2002
    TLDR
    This work proposes a conceptual method to extend P3P in order to add more flexibility to the decision on whether or not a given item of private information will be supplied to a target organisation by using the Chinese Wall security policy.
    Security Management and Policies
    Publisher Summary: This chapter describes some common and influential policy models. Other policy models speak to different types of policies. For example, the Chinese Wall model deals with conflicts…
    Separation of Duty Model Based on Chinese Wall Security Policy
    TLDR
    A model of history-based separation of duty is implemented and it tracks the history of user's previous permissions record from which the current permissions assigned to can be determined, and it provides a more perfect access control stratagem.