Computer Security Hybrid Policies

1
Computer SecurityHybrid Policies
2
Chinese Wall model

• The security policies address both
  confidentiality and integrity.
• Primitives
• A database of objects, which contain information
  relating to a company
• Company Datasets (CDs) containing objects
  relating to a single company.
• Conflict Of Interest (COI) classes that contain
  the CDs of companies in competition.

3
Example

• Bank COI Class Gas Company COI
  Class

Bank of America a
Shell s
Standard Oil e
Bank the West c
Citibank b
ARCO n
Union 76 u
4
CW-simple security condition

• Let PR(s) be the set of objects that subject s
  can read.
• CW-simple security condition, prelim version
• s can read o iff either of the following holds.
• There is an object o such that s has accessed o
  and CD(o) CD(o)
• For all o ? PR(s) COI(o) ? COI(o)

5
CW-simple security condition

• Sanitized vs unsanitized objects
• CW-simple security condition
• s can read o iff either of the following holds.
• There is an object o such that s has accessed o
  and CD(o) CD(o)
• o ? PR(s) ? COI(o) ? COI(o)
• o is sanitized

6
CW-property

• Sanitized vs unsanitized objects
• CW-property
• s can write to object o iff both of the following
  hold.
• The CW-ss condition permits s to red o
• For all unsanitized o
• s can read o ? COI(o)
  COI(o).

7
BLP CW

• BLP CW are fundamentally different
• subjects in CW do not have security labels.
• BLP has no notion of past accesses.
• To emulate CW in BLP we assign a security
  category to
• each (COI,CD) pair.
• We define two security levels S for sanitized
  and
• U for unsantitized, and define S dom U.
• So for example (U,b,s) dom (U, b).

8
Role-Based Access Control

• The ability or need to access information may
  depend on
• ones job functions, i.e., ones role.
• A role r is a collection of functions. The set of
  authorized transactions of r is denoted by
  trans(r).
• The active role of a subject s, act(s), is the
  role that s is currently performing.
• The authorized roles of s, authr(s), is the set
  of roles that s is authorized to assume.
• The predicate canexe(s,t), is true iff s can
  execute t at the current time.

9
RBAC

• Three rules define the ability of a subject to
  execute a
• transaction.
• Let S be the set of subjects and T the set of
  transactions.
• Rule of role assignment
• ? s ? S, t ? T canexec(s,t) ?
  actr(s) ? ?
• Rule of role authorization
• ? s ? S actr(s) ? authr(s)
• Rule of transaction authorization
• ? s ? S, t ? T canexec(s,t) ? t ?
  trans(actr(s))