Brewer and Nash model

The Brewer -Nash model (also Chinese Wall model) describes an IT security model for the protection of data. It protects the confidentiality of information through a system enforced rules. Thus, it implements the concept of Mandatory Access Control of IT system security. It is intended to prevent "undue exploitation of insider knowledge in the handling of bank or stock exchange transactions " or the disclosure of company-specific insider information on competing companies by a consultant. 260

Its origins, the model in the financial sector and designated certain rules to prevent a conflict of interest is brought about (see also Chinese Wall ( finance ) ).

The Brewer -Nash model was created in 1989 by David F. C. Brewer and Michael J. Nash described and followed a user- definable access control strategy, which is so far extended to system discretionary access controls, as that future accessibility of a subject are limited by its carried out in the past Hits:. 265

Formal definition

The amount of the subjects modeled the actors, eg the active consultant in a consulting company, while the set of objects representing the objects to be protected, so for example sensitive documents from a bank or a company.

Access matrix, and access history

The Brewer -Nash model is an access matrix based string that specifies which rights a subject to an object at the time. The rights in the Brewer -Nash model are defined by.

In addition, considering an access history, which is represented by a matrix. It being understood that if and only if there are times at which the subject has access to the object permissions.

Object tree

The objects are structured in an object tree of depth 3: The protective properties are the leaves of the tree. The parent node of the protection objects represent the company or areas to which the objects belong. For an object the undertaking to which it is assigned is denoted by. The companies in turn have as a parent node, the conflict of interests classes, which is designated for a given object by. Intuitively, this means that if two companies A and B are in the same conflict of interest class, subjects not at the same time in knowledge of sensitive information (objects) both A and B may come across.

In addition to marked objects that should be accessible to the public all subjects, with and defined on those objects according to the conflict of interest class.

Read Policy

Now the system-related access restrictions must be defined. The first rule, the reading rule states that a subject if and only read access gets to an object when the subject read access has to the object and to all objects to which it already ( with any law) had access, is that they are public, they are like assigned to the same company or as belonging to a different conflict of interest class. Formally, this means

Spelling Rule

Only with the read policy can exclude no unwanted flow of information. Namely, there is a possibility that a subject to an object read access and the content to write in an object which is located in a another conflict of interest category. A second subject could now first access to an object, which as situated in the same conflict of interest class, but another company belongs. Now you might be by reading illegal insider knowledge about appropriate because the contents of and agree.

To prevent this flow of information, we define the following rewrite rule, which states that a subject if and only write access receives on an object if it has a write access and if for all objects to which the subject has already been exercised read access, valid, that they are assigned as public or the same company. Formally, this means

It is therefore prohibited by this rule exactly the case described above, that a subject passed on insider information about another conflict of interest class to a competitor.