INFORMATION SECURITY AND AUDIT
SOLVED PRACTICE QUESTIONS

Chinese Wall Model

The Chinese Wall Model, also known as the Brewer-Nash Model, is an information security model designed to prevent conflicts of interest within a corporation or organization. It achieves this by controlling access to information based on previously accessed data, ensuring that no subject can access conflicting information sets. The model was introduced by David F.C. Brewer and Michael J. Nash in 1989.

  1. Conflict of Interest Classes:
    • Information within the system is divided into different conflict of interest classes. Each class contains datasets that could potentially lead to a conflict of interest if accessed together by the same subject.
    • For example, datasets related to competing companies would be placed in separate conflict of interest classes.
  2. Company Datasets:
    • Each conflict of interest class contains multiple company datasets. A company dataset includes all information related to a specific company.
    • Subjects (users) are allowed to access multiple datasets as long as they do not belong to different conflict of interest classes.
  3. Subjects:
    • Subjects in the system are typically users or processes that request access to information.
    • Access decisions are based on the subject’s previous accesses to ensure no conflicts arise.

Rules for Chinese Wall Model

  1. Simple Security Rule (No Read Across):
    • A subject can read data from any one company dataset as long as the subject has never accessed data from another conflicting dataset.
    • This rule ensures that a user who has accessed data from one company cannot access data from a competitor within the same conflict of interest class.
  2. Star Property (No Write Across):
    • A subject can write to a dataset if, and only if, they cannot read any data that would create a conflict of interest.
    • This rule prevents users from writing information in a way that could disclose sensitive information to conflicting parties.

Dynamic Nature

  • One of the unique aspects of the Chinese Wall Model is its dynamic nature. Access decisions are based on the history of the subject’s accesses, which means the system's state changes over time as users access different datasets.
  • This dynamic control helps to maintain ongoing protection against conflicts of interest as subjects interact with various datasets.
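
The two rules and the history-dependent behaviour can be seen in a small reference monitor. This is an added example, not part of the original answer. The company names and class labels are constructed, competitors are grouped in the same conflict of interest class as in the Simple Security Rule above, and the write check uses the Brewer-Nash formulation with all data assumed to be unsanitized.

```python
# Added example: history-based Chinese Wall (Brewer-Nash) access checks.
# Company names and conflict of interest classes below are constructed.

COI_CLASS = {            # company dataset -> conflict of interest class
    "BankA": "banking",
    "BankB": "banking",
    "OilX": "petroleum",
    "OilY": "petroleum",
}


class ChineseWall:
    def __init__(self, coi_class):
        self.coi_class = coi_class
        self.history = {}    # subject -> set of company datasets already read

    def can_read(self, subject, dataset):
        """Simple security rule: allow if the dataset was already accessed, or
        its conflict class holds nothing the subject has accessed before."""
        seen = self.history.get(subject, set())
        if dataset in seen:
            return True
        target = self.coi_class[dataset]
        return all(self.coi_class[d] != target for d in seen)

    def read(self, subject, dataset):
        """Enforce the read rule and record the access, changing later decisions."""
        if not self.can_read(subject, dataset):
            return False
        self.history.setdefault(subject, set()).add(dataset)
        return True

    def can_write(self, subject, dataset):
        """Star property: allow only if the read rule passes and the subject has
        read no other company dataset whose contents could leak via the write."""
        seen = self.history.get(subject, set())
        return self.can_read(subject, dataset) and seen <= {dataset}


def demo():
    wall = ChineseWall(COI_CLASS)
    return [
        wall.read("alice", "BankA"),       # first access in the class: allowed
        wall.read("alice", "OilX"),        # different class: allowed
        wall.read("alice", "BankB"),       # competitor of BankA: denied
        wall.can_write("alice", "BankA"),  # has also read OilX: denied
        wall.read("bob", "BankB"),         # bob has no history: allowed
        wall.can_write("bob", "BankB"),    # only BankB read: allowed
    ]
```

The same request (reading BankB) is denied for alice and allowed for bob, because the decision depends on each subject's recorded history rather than on a fixed permission table.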

Applications

  • Financial and Investment Firms: To prevent insider trading and ensure that analysts do not access information about competing companies that could lead to conflicts of interest.
  • Legal Firms: To ensure that lawyers or legal consultants do not access information from competing clients, maintaining confidentiality and impartiality.
  • Consulting Firms: To prevent consultants from accessing sensitive information from clients that may compete with each other.

Advantages

  • Prevents Conflicts of Interest: By controlling access based on conflict classes, the model effectively prevents conflicts of interest.
  • Dynamic Control: The model adapts to the user’s access history, providing flexible and real-time access control.
  • Simplicity: The conceptual framework is straightforward and easy to understand, making it practical for implementation in specific contexts.