Chinese wall model in the internet Environment

Arab Academy for Banking and Financial Sciences

PhD program Information System Security

Prepared for: Dr. Lo'ai Tawalbeh

Presented by: Marwan Al_Abed Abu_Zanona

Selected Topics In IIS

Agenda
  • Introduction
  • Chinese wall Model Policy
  • Simple security rule
  • Chinese wall in the WWW
    • Authentication
    • Authorization


Introduction

  • The goals most often specified in a security policy are:
    • confidentiality - prevention of unauthorized access to and theft of information.
    • integrity - prevention of unauthorized modification of information.
    • availability - prevention of denial of service.


Introduction

  • The Chinese Wall security policy describes how to reach these goals.
  • It is a commercial security policy.
  • The Chinese Wall security policy focuses primarily on confidentiality.
  • The Chinese Wall security policy is perhaps as significant to some parts of the commercial world as Bell and LaPadula's policies are to the military.


Introduction

  • It is distinguished from Bell-LaPadula policies by the way a user's permitted accesses are constrained by the history of his previous accesses.
  • The Chinese Wall security policy was identified by Brewer and Nash. It is a real commercial policy which can be formally modelled. Its basic idea is to keep company information confidential and to prevent it from being accessed, for example by an analyst in a consulting firm, in a way that creates a conflict of interest between competing clients.


Chinese wall Model Policy
  • All corporate information is stored in a hierarchically arranged filing system consisting of three levels:
    • At the lowest level are individual items of information (objects), each concerning a single corporation.
    • At the intermediate level, all objects which concern the same corporation are grouped into a company dataset.
    • At the highest level, all company datasets whose corporations are in competition are grouped together. Each such group is referred to as a conflict of interest class.


Chinese wall Model Policy
  • Associated with each object is the name of the company dataset to which it belongs and the name of the conflict of interest class to which that company dataset belongs.


Chinese wall Model Policy
  • If the system maintained information on Bank-A, Oil Company-A and Oil Company-B:
    • All objects would belong to one of three company datasets ("Bank-A", "Oil Company-A" or "Oil Company-B").
    • There would be two conflict of interest classes, one for banks (containing Bank-A's dataset) and one for petroleum companies (containing Oil Company-A's and Oil Company-B's datasets).


Chinese wall Model Policy
  • The basis of the Chinese Wall policy is that people are only allowed access to information which is not held to conflict with any other information that they already possess.


Chinese wall Model Policy
  • Thus, considering the Bank-A, Oil Company-A and Oil Company-B datasets, a new user may freely choose to access whatever dataset he likes; as far as the computer is concerned a new user does not possess any information and therefore no conflict can exist.


Chinese wall Model Policy
  • Suppose the user accesses the Oil Company-A dataset first. The user now possesses information from the Oil Company-A dataset.
  • Later, he requests access to the Bank-A dataset.
  • This is permissible, since the Bank-A and Oil Company-A datasets belong to different conflict of interest classes and therefore no conflict exists.


Chinese wall Model Policy

  • However, if he requests access to the Oil Company-B dataset the request must be denied, since a conflict does exist between the requested dataset (Oil Company-B) and one already possessed (Oil Company-A).


Chinese wall Model Policy
  • It does not matter whether the Oil Company-A dataset was accessed before or after the Bank-A dataset.
  • However, had Oil Company-B been accessed before the request to access the Oil Company-A dataset, the restrictions would be quite different.
  • In that case access to the Oil Company-A dataset would be denied and the user would possess {"Oil Company-B", "Bank-A"} (as opposed to the request to access the Oil Company-B dataset being denied and the user possessing {"Oil Company-A", "Bank-A"}). The set of datasets a user may still open therefore depends on the order of his earlier accesses, which is exactly what distinguishes this policy from Bell-LaPadula.


Chinese Wall Model In www
  • To realize the Chinese Wall security policy we need user labels that record the user's identity and the objects (datasets) he has already accessed. We require mechanisms that reliably provide authentication, and authorization by user profiles, with an interface to software running in the world wide web.


Authentication in the world wide web
  • Basic Authentication is defined as part of the HTTP protocol. It is based on the model that the user agent must authenticate itself with a user-ID and a password when requesting a protected document.
  • The server answers the request with a 401 challenge (WWW-Authenticate header) asking for the user agent's credentials. The user agent repeats the request with the user-ID and password in the Authorization request header as a BASE64-encoded string, which is clear text as far as anyone on the path is concerned, and the server sends the requested document in response.
  • Basic Authentication is therefore not a secure method of user authentication, nor does it prevent the entity body from being transmitted in clear text across the physical network used as the carrier.
  • Basic Authentication rests on the assumption that the connection between the client and the server can be regarded as a trusted carrier, which is generally not true on an open network.


Basic Authentication

Authentication in the world wide web
  • Digest Access Authentication is an extension to the HTTP protocol, developed to make up for the deficits of Basic Authentication.
  • The server answers the client's request with a 401 Unauthorized response carrying a realm and a server-generated nonce, and the user is presented with a dialog box to type in username and password.
  • The client computes a checksum (an MD5 hash in the original specification) over the relevant connection data (username, realm, password, request method and URI) together with the server-generated nonce, and sends that checksum back to the server. The server, which holds the same credential, computes the checksum itself from the nonce it issued; if the two checksums match, access to the requested document is allowed. This way, authentication is completed without sending the password across the Internet.


Digest Access Authentication
  • Digest Authentication does not provide encapsulation of the message content: it protects only the credential exchange, while the requested document and the request body still travel in clear text.
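Both exchanges side by side, as an added example that is not part of the original slides: the user name, password, realm, nonce and URI are constructed, and the Digest computation follows the original RFC 2617 MD5 form without the qop extension, which is the variant the slides describe. The point of the run is to show what an eavesdropper recovers from each scheme and why the server-generated nonce matters.

```python
"""HTTP Basic vs. Digest access authentication, both sides of each exchange.
Added illustration; credentials, realm, nonce and URI are constructed."""

import base64
import hashlib
import secrets

# Constructed server-side credential store.  For Basic the server must be
# able to compare the cleartext password; for Digest it could store HA1.
REALM = "chinese-wall@example.com"
USERS = {"alice": "s3cret"}


# ---- Basic Authentication (RFC 7617) -----------------------------------
def basic_authorization_header(user: str, password: str) -> str:
    """What the user agent sends after the 401 challenge."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def eavesdrop_basic(header: str) -> tuple:
    """What anyone on the path sees: base64 is an encoding, not encryption,
    so the credentials come back with a single decode."""
    scheme, token = header.split(" ", 1)
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, password = base64.b64decode(token).decode().split(":", 1)
    return user, password


# ---- Digest Access Authentication (RFC 2617, MD5, no qop) ----------------
def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_challenge() -> dict:
    """Server's WWW-Authenticate parameters: the realm and a fresh nonce."""
    return {"realm": REALM, "nonce": secrets.token_hex(16)}


def digest_response(user: str, password: str, method: str, uri: str,
                    challenge: dict) -> dict:
    """Client side: response = MD5(HA1:nonce:HA2).  The password is folded
    into HA1 and never leaves the client."""
    ha1 = md5_hex(f"{user}:{challenge['realm']}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return {"username": user, "realm": challenge["realm"],
            "nonce": challenge["nonce"], "uri": uri,
            "response": md5_hex(f"{ha1}:{challenge['nonce']}:{ha2}")}


def digest_verify(method: str, params: dict, issued_nonce: str) -> bool:
    """Server side: recompute the checksum from its own copy of the
    credential and the nonce it actually issued, then compare."""
    password = USERS.get(params.get("username"))
    if password is None or params.get("nonce") != issued_nonce:
        return False
    ha1 = md5_hex(f"{params['username']}:{REALM}:{password}")
    ha2 = md5_hex(f"{method}:{params['uri']}")
    expected = md5_hex(f"{ha1}:{params['nonce']}:{ha2}")
    return secrets.compare_digest(expected, params.get("response", ""))


def run_exchange() -> dict:
    """Drive both schemes once and report what an eavesdropper learns."""
    basic = basic_authorization_header("alice", "s3cret")
    challenge = digest_challenge()
    params = digest_response("alice", "s3cret", "GET", "/oilA/reserves.doc", challenge)
    later_nonce = secrets.token_hex(16)   # a captured response replayed against a new challenge
    return {
        "basic_leaks": eavesdrop_basic(basic),
        "digest_ok": digest_verify("GET", params, challenge["nonce"]),
        "digest_replayed": digest_verify("GET", params, later_nonce),
        "digest_leaks_password": "s3cret" in " ".join(params.values()),
    }


if __name__ == "__main__":
    print(run_exchange())
```

The run makes the asymmetry the slides draw concrete: the Basic header decodes straight back to the password, while the Digest response verifies without the password ever being on the wire, and the same response fails against a fresh nonce. What Digest still does not give is confidentiality of the document body, nor resistance to offline guessing of a weak password from a captured response, which is why the slides move on to SSL.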


Authentication and Data Protection with SSL
  • The SSL protocol includes services for
    • server authentication (and optionally client authentication).
    • encryption of data in transit, giving privacy and data integrity.
  • Privacy is achieved by using symmetric cryptography. Data integrity is ensured by a Message Authentication Code (MAC), and authentication uses public-key certificates issued under a Public Key Infrastructure.


Authentication and Data Protection with SSL
  • The SSL record protocol takes messages to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, and transmits the result. Received data is decrypted, verified, decompressed and reassembled, then delivered to higher-level clients.
  • An SSL session is established by a handshake sequence between client and server.
  • The handshake consists of messages that negotiate the cryptographic parameters, authenticate the server (and optionally the client) by certificate, and generate the shared secrets (session keys) between client and server at the beginning of their communication.
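The record-layer pipeline described above (fragment, MAC, encrypt on send; decrypt, verify, reassemble on receive), as an added illustration that is not SSL itself and not code from the original slides: the bulk cipher is stood in for by HMAC-SHA256 run in counter mode, compression is left out (it is optional in SSL), the record header is simplified, and the keys are constants that a real handshake would derive from the master secret. What it does show faithfully is the MAC-then-encrypt order the slide gives and why the MAC covers a sequence number: a flipped byte or a replayed record is rejected at the receiver.

```python
"""Miniature SSL-style record layer.  Added illustration: HMAC-SHA256 in
counter mode stands in for the negotiated bulk cipher, keys are constants."""

import hashlib
import hmac

FRAGMENT_MAX = 2 ** 14      # SSL/TLS plaintext fragment limit (16 KiB)
MAC_LEN = 32                # HMAC-SHA256 tag length
APPLICATION_DATA = 23       # record content type for application data


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, seq: int, length: int) -> bytes:
    """Stand-in cipher: HMAC-SHA256 counter mode, keyed per record by the
    sequence number so no key stream is ever reused across records."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, seq.to_bytes(8, "big") + block.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def record_mac(mac_key: bytes, seq: int, ctype: int, fragment: bytes) -> bytes:
    """MAC over sequence number, content type, length and fragment, so a
    replayed, reordered or truncated record fails verification."""
    header = seq.to_bytes(8, "big") + bytes([ctype]) + len(fragment).to_bytes(2, "big")
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()


class RecordLayer:
    """One endpoint; write and read sequence numbers are tracked separately."""

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.write_seq = 0
        self.read_seq = 0

    def send(self, ctype: int, data: bytes) -> list:
        """Fragment, MAC, encrypt; returns the records as put on the wire."""
        records = []
        for i in range(0, len(data), FRAGMENT_MAX):
            fragment = data[i:i + FRAGMENT_MAX]
            body = fragment + record_mac(self.mac_key, self.write_seq, ctype, fragment)
            ciphertext = xor_bytes(body, keystream(self.enc_key, self.write_seq, len(body)))
            records.append(bytes([ctype]) + len(ciphertext).to_bytes(2, "big") + ciphertext)
            self.write_seq += 1
        return records

    def receive(self, records: list) -> bytes:
        """Decrypt, verify, reassemble; raises on any integrity failure."""
        out = bytearray()
        for rec in records:
            ctype, length = rec[0], int.from_bytes(rec[1:3], "big")
            ciphertext = rec[3:3 + length]
            if len(ciphertext) != length or length < MAC_LEN:
                raise ValueError("malformed record")
            body = xor_bytes(ciphertext, keystream(self.enc_key, self.read_seq, length))
            fragment, tag = body[:-MAC_LEN], body[-MAC_LEN:]
            expected = record_mac(self.mac_key, self.read_seq, ctype, fragment)
            if not hmac.compare_digest(tag, expected):
                raise ValueError("bad_record_mac")
            self.read_seq += 1
            out += fragment
        return bytes(out)


# Constructed keys.  A real handshake derives separate client-write and
# server-write keys from the master secret; this loopback demo shares one set.
ENC_KEY, MAC_KEY = b"\x01" * 32, b"\x02" * 32


def roundtrip(message: bytes) -> tuple:
    """Returns (number of records on the wire, message arrived intact)."""
    client, server = RecordLayer(ENC_KEY, MAC_KEY), RecordLayer(ENC_KEY, MAC_KEY)
    records = client.send(APPLICATION_DATA, message)
    return len(records), server.receive(records) == message


def rejected(mutate) -> bool:
    """Send a two-record message, let `mutate` tamper with the record list on
    the wire, and report whether the receiver rejected the result."""
    client, server = RecordLayer(ENC_KEY, MAC_KEY), RecordLayer(ENC_KEY, MAC_KEY)
    records = mutate(client.send(APPLICATION_DATA, b"A" * 20000))
    try:
        server.receive(records)
    except ValueError:
        return True
    return False


def flip_byte(records: list) -> list:
    """Attacker flips one ciphertext bit in the second record."""
    r = bytearray(records[1])
    r[10] ^= 0x01
    return [records[0], bytes(r)]


def replay_first(records: list) -> list:
    """Attacker re-injects the first record; the sequence number in the MAC
    input means the receiver's recomputed tag will not match."""
    return [records[0], records[0], records[1]]


if __name__ == "__main__":
    print(roundtrip(b"GET /oilA/reserves.doc HTTP/1.0\r\n"))
    print(rejected(flip_byte), rejected(replay_first))
```

Modern TLS replaced this MAC-then-encrypt layout with AEAD ciphers, but the division of labour is unchanged: confidentiality from the symmetric key, integrity and replay protection from a keyed tag over the record and its sequence number, and both keys from the handshake.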


Authorization in the world wide web
  • To realize the Chinese Wall security policy within the WWW we need a flexible authorization mechanism.
  • It must support dynamic change of the user's access rights, which is an essential element of the Chinese Wall security policy: once a user has accessed a company dataset in a conflict of interest class he had not touched before, his profile must deny access to all other companies in that COI class.
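The history-based user profile this slide asks for, implementing the simple security rule from the policy section and replaying its Bank-A / Oil Company-A / Oil Company-B scenario in both orders. This is an added example, not code from the original slides: the object paths, the class and function names, and the two COI class names ("banks", "petroleum") are assumptions; the datasets and the expected decisions are the ones the slides walk through.

```python
"""Brewer-Nash (Chinese Wall) simple security rule as a history-based
reference monitor driving a per-user profile.  Added example; object
names, COI class names and all identifiers are assumptions."""

from dataclasses import dataclass, field


@dataclass(frozen=True)
class Label:
    """Label attached to every object: its company dataset and the
    conflict-of-interest (COI) class that dataset belongs to."""
    dataset: str
    coi_class: str


# Constructed object store for the slides' scenario: three company
# datasets, with the two oil companies sharing one COI class.
OBJECTS = {
    "bankA/loan-book.xls":    Label("Bank-A", "banks"),
    "oilA/reserves.doc":      Label("Oil Company-A", "petroleum"),
    "oilA/drilling-plan.doc": Label("Oil Company-A", "petroleum"),
    "oilB/reserves.doc":      Label("Oil Company-B", "petroleum"),
}


@dataclass
class UserProfile:
    """The user label from the slides: identity plus the labels of datasets
    already read.  Rights are derived from this history, so they change the
    moment the user touches a COI class for the first time."""
    user_id: str
    history: set = field(default_factory=set)


def permitted(profile: UserProfile, label: Label) -> bool:
    """Simple security rule: access is allowed only if every dataset the user
    already holds is either the same dataset or lies in a different COI class."""
    return all(held.dataset == label.dataset or held.coi_class != label.coi_class
               for held in profile.history)


def read(profile: UserProfile, obj: str) -> bool:
    """Reference-monitor entry point: decide, and on success record the
    access in the profile so that later decisions see it."""
    label = OBJECTS[obj]
    if not permitted(profile, label):
        return False
    profile.history.add(label)
    return True


def datasets_held(profile: UserProfile) -> set:
    return {label.dataset for label in profile.history}


def remaining_choices(profile: UserProfile) -> list:
    """Datasets this user could still open: the dynamic access rights the
    web authorization profile has to expose."""
    return sorted({label.dataset for label in OBJECTS.values()
                   if permitted(profile, label)})


def replay(order: list) -> tuple:
    """Run a fresh user through a sequence of reads; return the decisions in
    order and the datasets finally held."""
    profile = UserProfile("analyst")
    decisions = [read(profile, obj) for obj in order]
    return decisions, datasets_held(profile)


if __name__ == "__main__":
    a_first = ["oilA/reserves.doc", "bankA/loan-book.xls", "oilB/reserves.doc"]
    b_first = ["oilB/reserves.doc", "bankA/loan-book.xls", "oilA/reserves.doc"]
    print(replay(a_first))
    print(replay(b_first))
```

Two properties of the rule are worth checking against the slides: re-reading a dataset the user already holds is always allowed, and a fresh profile is offered every dataset, while a profile that has touched Oil Company-A loses Oil Company-B and nothing else. Because the decision depends on state that only grows, the profile store has to be the single, trustworthy record of past accesses; a web front end that lets the history be reset or forged silently reopens the wall.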


Authorization Mechanisms
  • Authorization by user profiles
  • Authorization by certificates
  • The Open Profiling Standard
