Chinese Wall Security Policy Models

Information Flows and Confining Trojan Horses
  • Tsau Young T. Y. Lin
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 142)


In 1989, Brewer and Nash (BN) presented a fascinating idea for commercial security, called the Chinese wall security policy model. Their idea was based on an analysis of the notion of a Conflict of Interest binary Relation (CIR). Unfortunately, their formalization did not fully capture the appropriate properties of CIR. In this paper, we present a theory based on granulation that captures the essence of BN’s intuitive idea. The results go beyond the Chinese wall models: malicious Trojan horses in certain DAC (discretionary access control) models can be controlled or confined.


Simple Chinese Wall Security policy; Aggressive (Strong) Chinese Wall Security policy; binary relation; conflict of interests; equivalence relation


  1. Bell, D. 1987. Secure computer systems: A network interpretation. In Proceedings on 3rd Annual Computer Security Application Conference. 32–39.
  2. David D. C. Brewer and Michael J. Nash: “The Chinese Wall Security Policy” IEEE Symposium on Security and Privacy, Oakland, May, 1988, pp 206–214.
  3. Richard A. Brualdi, Introductory Combinatorics, Prentice Hall, 1992.
  4. W. Chu and Q. Chen, Neighborhood and associative query answering, Journal of Intelligent Information Systems, 1, 355–382, 1992.
  5. S. A. Demurjian and S. A. Hsiao, “The Multimodel and Multilingual Database Systems-A Paradigm for the Studying of Database Systems,” IEEE Transaction on Software Engineering, 14,8, (August 1988).
  6. Denning, D. E. 1976. A lattice model of secure information flow. Commun. ACM 19,2, 236–243.
  7. Hsiao, D.K., and Harary, F., “A Formal System for Information Retrieval From Files,” Communications of the ACM, 13,2 (February 1970). Corrigenda CACM 13,3 (March, 1970).
  8. Wong, E., and Chiang, T. C., “Canonical Structure in Attribute-Based File Organization,” Communications of the ACM, Vol. 14, No. 9, September 1971.
  9. C. E. Landwehr and C. L. Heitmeyer: Military Message Systems: Requirements and Security Model, NRL Memorandum Report 4925, Computer Science and Systems Branch, Naval Research Laboratory.
  10. T. T. Lee, “Algebraic Theory of Relational Databases,” The Bell System Technical Journal Vol 62, No 10, December, 1983, pp. 3159–3204.
  11. T. Y. Lin, Neighborhood Systems and Relational Database. In: Proceedings of 1988 ACM Sixteen Annual Computer Science Conference, February 23–25, 1988, 725.
  12. “A Generalized Information Flow Model and Role of System Security Officer”, Database Security: Status and Prospects II, IFIP-Transaction, edited by C. E. Landwehr, North Holland, 1989, pp. 85–103.
  13. T. Y. Lin, Neighborhood Systems and Approximation in Database and Knowledge Base Systems, Proceedings of the Fourth International Symposium on Methodologies of Intelligent Systems, Poster Session, October 12–15, pp. 75–86, 1989.
  14. T. Y. Lin, “Chinese Wall Security Policy-An Aggressive Model”, Proceedings of the Fifth Aerospace Computer Security Application Conference, December 4–8, 1989, pp. 286–293.
  15. “Attribute Based Data Model and Polyinstantiation,” Education and Society, IFIP-Transaction, ed. Aiken, 12th Computer World Congress, September 7–11, 1992, pp. 472–478.
  16. T. Y. Lin, “Neighborhood Systems-A Qualitative Theory for Fuzzy and Rough Sets,” Advances in Machine Intelligence and Soft Computing, Volume IV. Ed. Paul Wang, 1997, Duke University, North Carolina, 132–155. ISBN: 0-9643454-3-3.
  17. T. Y. Lin, “Granular Computing on Binary Relations I: Data Mining and Neighborhood Systems.” In: Rough Sets In Knowledge Discovery, A. Skowron and L. Polkowski (eds), Physica-Verlag, 1998, 107–121.
  18. T. Y. Lin, “Granular Computing on Binary Relations II: Rough Set Representations and Belief Functions.” In: Rough Sets In Knowledge Discovery, A. Skowron and L. Polkowski (eds), Physica-Verlag, 1998, 121–140.
  19. T. Y. Lin, “Chinese Wall Security Model and Conflict Analysis,” the 24th IEEE Computer Society International Computer Software and Applications Conference (Compsac2000), Taipei, Taiwan, Oct 25–27, 2000.
  20. T. Y. Lin, “Feature Completion,” Communication of IICM (Institute of Information and Computing Machinery, Taiwan) Vol 5, No. 2, May 2002, pp. 57–62. This is the proceeding for the workshop “Toward the Foundation on Data Mining” in PAKDD2002, May 6, 2002.
  21. T. Y. Lin, “A Theory of Derived Attributes and Attribute Completion,” Proceedings of IEEE International Conference on Data Mining, Maebashi, Japan, Dec 9–12, 2002.
  22. A. Motro: “Supporting Goal Queries”, in: Proceeding of the First International Conference on Expert Database Systems, L. Kerschberg (eds), April 1–4, 1986, pp. 85–96.
  23. S. Osborn, R. Sandhu and Q. Munawer, “Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies,” ACM Transaction on Information and Systems Security, Vol 3, No 2, May 2002, Pages 85–106.
  24. Z. Pawlak, Rough sets. International Journal of Information and Computer Science 11, 1982, pp. 341–356.
  25. Z. Pawlak, “On Conflicts,” Int J. of Man-Machine Studies, 21, pp. 127–134, 1984.
  26. Z. Pawlak, Analysis of Conflicts, Joint Conference of Information Science, Research Triangle Park, North Carolina, March 1–5, 1997, 350–352.
  27. Polkowski, L., Skowron, A., and Zytkow, J., (1995), “Tolerance based rough sets.” In: T.Y. Lin and A. Wildberger (eds.), Soft Computing: Rough Sets, Fuzzy Logic Neural Networks, Uncertainty Management, Knowledge Discovery, Simulation Councils, Inc. San Diego CA, 55–58.
  28. Sandhu, R. S. Lattice-based enforcement of Chinese Walls. Computer & Security 11, 1992, 753–763.
  29. Sandhu, R. S. 1993. Lattice-based access control models. IEEE Computer 26,11, 9–19.
  30. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., and Youman, C. E. 1996. Role-based access control models. IEEE Computer 29,2 (Feb.), 38–47.
  31. Sandhu, R. and Munawer, Q. 1998. How to do discretionary access control using roles. In Proceedings of the Third ACM Workshop on Role-Based Access Control (RBAC’98, Fairfax, VA, Oct. 22–23), C. Youman and T. Jaeger, Chairs. ACM Press, New York, NY, 47–54.
  32. W. Sierpinski and C. C. Krieger, General Topology, University of Toronto Press, 1952.
  33. T.C. Ting, “A User-Role Based Data Security Approach”, in Database Security: Status and Prospects, C. Landwehr (ed.), North-Holland, 1988.
  34. Demurjian, S., and Ting, T.C., “Towards a Definitive Paradigm for Security in Object-Oriented Systems and Applications,” J. of Computer Security, Vol. 5, No. 4, 1997.
  35. Liebrand, M., Ellis, H., Phillips, C., Demurjian, S., Ting, T.C., and Ellis, J., “Role Delegation for a Resource-Based Security Model,” Data and Applications Security: Developments and Directions II, E. Gudes and S. Shenoi (eds.), Kluwer, 2003.
  36. Phillips, C., Demurjian, S., and Ting, T.C., “Towards Information Assurance in Dynamic Coalitions,” Proc. of 2002 IEEE Info. Assurance Workshop, West Point, NY, June 2002.
  37. L.A. Zadeh, Fuzzy sets and information granularity, in: M. Gupta, R. Ragade, and R. Yager (Eds.), Advances in Fuzzy Set Theory and Applications, North-Holland, Amsterdam, 3–18, 1979.
  38. L. Zadeh, “Some Reflections on Information Granulation and its Centrality in Granular Computing, Computing with Words, the Computational Theory of Perceptions and Precisiated Natural Language.” In: T. Y. Lin, Y.Y. Yao, L. Zadeh (eds), Data Mining, Rough Sets, and Granular Computing.

Copyright information

© Springer Science + Business Media, Inc. 2004

Authors and Affiliations

  • Tsau Young T. Y. Lin, Department of Computer Science, San Jose State University, San Jose
