Chinese Wall Model Flashcards
What is the main motivation behind the Chinese Wall Model?
The core motivation for the Chinese Wall Model is to protect against conflicts of interest.
The model prevents a subject from ever accessing information that conflicts with information it has already accessed. A simple example: an advisor should not consult two competing clients, because confidential information could then leak from one client to the other through the advisor.
The model prevents this by denying a subject access to an object if that object is in conflict with previously accessed information, e.g., earlier work for a competing client.
What factors are used to determine access in the Chinese Wall Model?
Access is granted or rejected based on:
- The subject making the request.
- The object requested access to.
- The access history of the subject.
How are objects structured in the Chinese Wall Model?
Objects are organized according to three levels:
- The first level is the information itself contained in the object, i.e., the content of a file.
- Information is contained within a company dataset (CD). Here we will find all information related to one company.
- Every CD is placed in a conflict of interest class (COI). No single subject may access information from two different companies whose CDs lie in the same COI.
How is read and write affected by the restrictions of the Chinese Wall Model?
Given the conflict of interest restrictions, a subject may read objects from at most one CD within each COI: a read of o is allowed only if every object the subject has previously read is either in the same CD as o or in a different COI. The first read inside a COI is a free choice; afterwards the wall is up.
Writing is confined to a single dataset. If a subject s can read an object o, then s may only write to an object o' if o and o' are in the same dataset (Brewer and Nash exempt sanitized, i.e., public, information from this rule). This prevents indirect leaks across COIs: without it, s could read CD A, write its contents into CD B, and a second subject who reads B and a competitor of A would obtain A's information without ever reading A.
How are the different components of the Chinese Wall Model formalized?
The components and operations in the CW model are formalized as:
S is the set of subjects
O is the set of objects
L = COI × CD is the set of labels
L1: O → COI is a function mapping each object to its conflict of interest class
L2: O → CD is a function mapping each object to its company dataset
H(s, o) is the access history of s and is true if s has ever accessed o
R(s, o) is simply s requesting access to o
With these, the read rule is: R(s, o) is granted iff for every o' with H(s, o'), L1(o') ≠ L1(o) or L2(o') = L2(o). The write rule is: s may write o iff s may read o and for every o' with H(s, o'), L2(o') = L2(o).
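The read and write rules above, and the indirect-leak case the write rule exists for, as an added worked example in Python. This is illustration code written for these flashcards, not code from the Brewer-Nash paper; the object and subject names, the two COIs (Banks, Oil) and the sanitized flag on objects are assumptions, and the *-property is implemented over the subject's read history H, which is the interpretation used on this page.

```python
"""Brewer-Nash (Chinese Wall) access decisions driven by a subject's read history.

Added example for the flashcards above; all names and datasets are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Obj:
    """An object labelled with its conflict-of-interest class (COI) and company dataset (CD)."""
    name: str
    coi: str            # L1(o): the COI class
    cd: str             # L2(o): the company dataset
    sanitized: bool = False   # public information is exempt from the wall (Brewer-Nash)


class ChineseWall:
    def __init__(self) -> None:
        # H: subject -> set of objects the subject has read (the access history)
        self.history: dict[str, set[Obj]] = {}

    def _read_so_far(self, s: str) -> set[Obj]:
        return self.history.get(s, set())

    def can_read(self, s: str, o: Obj) -> bool:
        """Simple security rule: o is readable if it is sanitized, or every
        unsanitized object s has already read is in the same CD as o or in a
        different COI (L1(o') != L1(o) or L2(o') == L2(o))."""
        if o.sanitized:
            return True
        return all(p.sanitized or p.cd == o.cd or p.coi != o.coi
                   for p in self._read_so_far(s))

    def read(self, s: str, o: Obj) -> bool:
        """R(s, o) for read: grant and record in H, or deny."""
        if not self.can_read(s, o):
            return False
        self.history.setdefault(s, set()).add(o)
        return True

    def can_write(self, s: str, o: Obj) -> bool:
        """*-property: s may write o only if s may read o and every unsanitized
        object s has read lies in the same CD as o. This blocks s from acting
        as a channel that copies one CD's content into another."""
        if not self.can_read(s, o):
            return False
        return all(p.sanitized or p.cd == o.cd for p in self._read_so_far(s))


# Constructed objects: two COIs, each with competing company datasets.
BANK_A = Obj("bankA-ledger", coi="Banks", cd="BankA")
BANK_B = Obj("bankB-ledger", coi="Banks", cd="BankB")
OIL_X = Obj("oilX-report", coi="Oil", cd="OilX")
MARKET = Obj("public-market-summary", coi="Banks", cd="BankB", sanitized=True)


def walkthrough() -> dict[str, bool]:
    """Run the access sequence the flashcards describe and return each decision."""
    cw = ChineseWall()
    return {
        "alice reads BankA": cw.read("alice", BANK_A),        # free first choice in Banks
        "alice reads BankB": cw.read("alice", BANK_B),        # same COI, other CD: denied
        "alice reads sanitized BankB": cw.read("alice", MARKET),  # public info: allowed
        "alice reads OilX": cw.read("alice", OIL_X),          # different COI: allowed
        "alice writes BankA": cw.can_write("alice", BANK_A),  # denied: she has read OilX
        "alice writes OilX": cw.can_write("alice", OIL_X),    # denied: she has read BankA
        "bob reads BankA": cw.read("bob", BANK_A),
        "bob writes BankA": cw.can_write("bob", BANK_A),      # allowed: all reads are in BankA
        "bob writes BankB": cw.can_write("bob", BANK_B),      # denied: cannot even read BankB
    }


if __name__ == "__main__":
    for step, granted in walkthrough().items():
        print(f"{step:30s} -> {'granted' if granted else 'denied'}")
```

The "alice writes BankA" denial is the point of the write rule: Alice legitimately read OilX, so if she could write into BankA, Bob (who reads BankA and might later choose OilY) would receive OilX's content through her, even though the read rule never let him touch OilX. Note that the decision for the same request changes over time as H grows; a real enforcement point must therefore persist the history, not just the labels.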
How does the CW model compare to Bell-LaPadula?
The CW model combines mandatory access control with some free choice: a subject is free to pick the first dataset it accesses within a COI. Once that choice is made, the model "builds a wall around the dataset" so the subject cannot access any other dataset in that COI. Unlike BLP, where a decision depends only on the fixed labels of subject and object, a CW decision also depends on the subject's access history, so the set of objects a subject may read shrinks as it works. The CW model can be combined with other models: with BLP (itself a mandatory model) to add clearance levels for subjects and objects, or with discretionary access control to restrict access further within a dataset.
Both models define a simple security property for reading and a *-property for writing, even though they are enforced differently. Combining them adds complexity but gives finer granularity.