Author Message
Gayaneh
Posts: 40
Posted 20:21 Jun 01, 2016 |

Hi Professor,

I attended today's class online and I have a question about the Chinese Wall Rule for Read and Write, as I am a bit confused about how these rules work.

If I understood this right, Subject S can read a company C' data only in two circumstances:

- If he has already accessed C' data

- He has NOT accessed the competitor's data

For example, in slide 43, if S reads from Bank A, he cannot read from Bank B, or if he reads from School 1, he cannot read from School 2...

For write rule:

S can write to O only if S can read O and all objects that S can read are in the same dataset as O. Does this mean that if S wants to write to Bank A, he shall not be accessing any other banks/schools prior to that?

As the slide notes: Subject S is allowed to read from at most one company dataset in any CI

To my understanding if S wants to write to Bank A he shouldn't have any prior access to School 1. The example in slide 44 actually wants to show what will happen if S reads from Bank 1 and writes to school 1; then S' may find out information about school 1 and Bank B (conflicts of interest).

As in the same slide there is a note: This is intended to prevent an indirect flow of information that would cause a conflict of interests.

Can you please clarify?

Many Thanks,

Gayaneh Petrossian

Last edited by Gayaneh at 08:39 Jun 04, 2016.
Gayaneh
Posts: 40
Posted 08:43 Jun 04, 2016 |
Any comments from anyone?
 
Dr. Guo, can you please reply to my questions?
Your help will be highly appreciated!

Regards,
Gayaneh
Last edited by Gayaneh at 08:45 Jun 04, 2016.
hpguo
Posts: 139
Posted 11:56 Jun 06, 2016 |

Sorry for this late reply! I was out of town and just came back yesterday.

Your understanding of both rules is correct.

This example on slide 44 is actually a counterexample. It shows that if we allow this to happen, we may violate the write rule. So, if S reads from bank 1, he/she CANNOT write to school 1.

Dr. Guo
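
The read and write rules discussed in this thread, as an added example that is not part of the original posts or the course slides. Dataset names follow the thread; the CI class labels, the second subject S2 and its read history are constructed, "objects S can read" is taken to mean S's read history, and sanitized objects are not modelled.

```python
# Added example: Brewer-Nash (Chinese Wall) read and write checks.
# Conflict-of-interest (CI) class labels are constructed; dataset names follow the thread.
CI_CLASS = {
    "Bank A": "banks", "Bank B": "banks",
    "School 1": "schools", "School 2": "schools",
}


class Subject:
    def __init__(self, name):
        self.name = name
        self.history = set()  # company datasets this subject has already read

    def can_read(self, dataset):
        # Read rule: allowed if S already accessed this dataset, or S has
        # accessed no other dataset in the same CI class (no competitor).
        if dataset in self.history:
            return True
        return all(CI_CLASS[d] != CI_CLASS[dataset] for d in self.history)

    def read(self, dataset):
        if not self.can_read(dataset):
            return False
        self.history.add(dataset)
        return True

    def can_write(self, dataset):
        # Write rule: S can read O, and everything S has read is in O's dataset.
        # Assumption: "objects S can read" means S's read history.
        return self.can_read(dataset) and self.history <= {dataset}


def indirect_flow_scenario():
    """S read Bank A; S2 read Bank B and School 1. Can Bank A data reach S2?"""
    s, s2 = Subject("S"), Subject("S2")
    s.read("Bank A")
    s2.read("Bank B")
    s2.read("School 1")
    return {
        "S may read School 1": s.can_read("School 1"),
        "S may write School 1": s.can_write("School 1"),
        "S2 may read Bank A": s2.can_read("Bank A"),
        "S2 may write Bank B": s2.can_write("Bank B"),
    }


if __name__ == "__main__":
    for check, allowed in indirect_flow_scenario().items():
        print(f"{check}: {'allowed' if allowed else 'denied'}")
```

S may still read School 1 because it is in a different CI class, but the write is denied, so Bank A data cannot be copied into a dataset that S2 (who holds Bank B) is allowed to read.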