Access Control Models Part II Elisa Bertino CERIAS and CS ECE Departments Purdue University Elisa Bertino Pag 1 Purdue University Introduction Other models The Chinese Wall Model it combines elements of DAC and MAC RBAC Model it is a DAC model however it is sometimes considered a policy neutral model T RBAC it is an example of access control model that takes contextual information into account The Information Flow model generalizes the ideas underlying MAC The Biba Model relevant for integrity Elisa Bertino Pag 2 Purdue University The Chinese Wall Access Control Model Elisa Bertino Pag 3 Purdue University Table of Contents Conflict of Interests Chinese Wall Policy Information classification Read Rule Write Rule Criticisms to this model R Sandu Elisa Bertino Pag 4 Purdue University Elisa Bertino Pag 5 Purdue University Elisa Bertino Pag 6 Purdue University Conflict of Interest It is a well known concept An example in the financial world is that of a market analyst working for a financial institution providing corporate business services Such analyst must uphold the confidentiality of information provided to him by his firm s client this means he she cannot advise corporations where he she has insider knowledge of the plans status and standing of a competitor However the analyst is free to advice corporations which are not in competition with each other and also to draw on general market information Elisa Bertino Pag 7 Purdue University Chinese Wall Policy Introduced by Brewer and Nash in 1989 The motivation for this work was to avoid that sensitive information concerning a company be disclosed to competitor companies through the work of financial consultants It dynamically establishes the access rights of a user based on what the user has already accessed Elisa Bertino Pag 8 Purdue University Chinese Wall Policy Subjects Active entities accessing protected objects Objects Data organized according to 3 levels Information DataSet Conflict of Interest CoI classes Access Rules Read rule Write rule Elisa Bertino Pag 9 Purdue University Data Classification Set of All Objects CoI 2 CoI 1 Bank A Info Info Bank B Info Elisa Bertino Info Info CoI 3 Gas A Oil A Info Info Pag 10 Oil B Info Info Purdue University Read Rule Read Rule A subject S can read an object O if O is in the same Dataset as an object already accessed by S OR O belongs to a CoI from which S has not yet accessed any information Bank A R R Consultant R X Bank B R Gas A Elisa Bertino R Oil B Pag 11 Purdue University Read Rule John Set of All Objects CoI 2 COI CoI 11 Bank A Info Info Info Elisa Bertino Bank B Info Info COI CoI 33 Gas A Oil A Info Info Pag 12 Oil B Info Info Purdue University Comparison with Bell LaPadula The Chinese Wall Policy is a combination of free choice and mandatory control Initially a subject is free to access any object it wishes Once the initial choice is made a Chinese Wall is created for that user around the dataset to which the object belongs Note also that a Chinese Wall can be combined with DAC policies Elisa Bertino Pag 13 Purdue University Write Rule The Read Rule does not prevent indirect flow of information Consider the following case John has access to Oil A and Bank A Jane has access to Oil B and Bank A If John is allowed to read Oil A and write into Bank A it may transfer information about Oil A that can then be read by Jane Elisa Bertino Pag 14 Purdue University Write Rule John COI CoI 11 Bank A ABC Info Info Info Elisa Bertino Set of all objects CoI 2 Gas A Info Pag 15 COI CoI 33 Oil A ABC Info Purdue University Write Rule Set of all objects Jane COI 2 COI 1 Bank B ABC Info Elisa Bertino Info Gas A Info Pag 16 COI 3 Oil A ABC Info Purdue University Write Rule Write Rule A subject S can write an object O if S can read O according to the Read Rule AND No object has been read by S which is in a different company dataset to the one on which write is performed Bank B Bank A Elisa Bertino W X Consultant A R Consultant B Pag 17 R X Oil B W Purdue University Write Rule Thus according to the write rule The flow of information is confined to its own company dataset Elisa Bertino Pag 18 Purdue University Sanitized Information Brewer and Nash recognize the need for analysts to be able to compare information they have with that relating to other corporations Thus they recognize that access restriction can be lifted for sanitized information Sanitization takes the form of disguising a corporation s information so to prevent the discovery of that corporation identity Elisa Bertino Pag 19 Purdue University Criticisms to the Model R Sandhu The Write Rule of BN is very restrictive A user that has read objects from more than one dataset is not able to write any object The user can only read and write objects from a single dataset Elisa Bertino Pag 20 Purdue University References Rick Wayman What is the Chinese Wall and why is it in the News ResearchStorck com 2001 D Brewer and Dr M Nash The Chinese Wall Policy Proc In IEEE Symposium on Research in Security and Privacy May 1989 Oakland California Ravi S Sandhu A lattice Interpretation of the Chinese Wall Policy Proc Of 15th NIST NCSC National Computer Security Conference Ottobre 1992 Baltimore USA V Atluri S Chun P Mazzoleni A Chinese Wall Security Model for Decentralized Workflow Systems Proc of 8th ACM Conference on Computer and Communications Security CCS 8 Novembre 2001 Philadelphia USA Elisa Bertino Pag 21 Purdue University Role Based Access RBAC Control Model Elisa Bertino Pag 22 Purdue University RBAC Motivations One challenging problem in managing large systems is the complexity of security administration Whenever the number of subjects and objects is high the number of authorizations can become extremely large Moreover if the user population is highly dynamic the number of grant and revoke operations to be performed can become very difficult to manage Elisa Bertino Pag 23 Purdue University RBAC Motivations End users often do not own the information for which they are allowed access The corporation or agency is the actual owner of data objects Control is often based on employee functions rather than data ownership RBAC has been proposed as an alternative approach to DAC and MAC both to simplify the task of access control management and to directly support function based access control Elisa Bertino Pag 24 Purdue University RBAC Basic Concepts Roles represent functions within a given organization and authorizations are granted to roles instead of
View Full Document
Unlocking...