Chinese Wall

  • Conflict of Interest (COI) - occurs when an individual’s judgment or motivation may be impaired due to pre-existing biases.

  • The goal of Chinese Wall is to prevent any conflicts of interest

  • CW is dynamic, meaning permissions actively change as a subject navigates the system

  • It is a hybrid model - it is concerned with both confidentiality and integrity

    • Confidentiality because it aims to prevent subjects from accessing sensitive data that could be detrimental to the organization

    • Integrity because it aims to ensure data is not falsified or corrupted in service to a COI

  • To understand CW, you have to consider objects, company datasets, and COI classes

    • An object refers to some item of info that relates to a company; this is the same definition of object we’ve used

    • A company dataset (CD) is a collection of objects pertaining to a single company.

      • Ex. Having an Apple or Chevron CD

    • A COI class is a set of CDs belonging to competing companies, such that any two CDs pulled from the class would be in competition

    • A COI class is a collection of CDs, which are in turn collections of objects

  • Data in the CW model can be sanitized or unsanitized

    • Sanitized Data: refers to info that’s already public or could be published with no harm to the company

      • Sanitization: Any sensitive data is removed before the info is released

    • Unsanitized data: refers to info that is not public, and could result in harm to the company if publicized

    • CW model is concerned with limiting access to unsanitized data

  • Simple Security Condition

    • A subject can read an object if any of the following are true:

      • 1. The subject has already read from the object’s dataset

      • 2. Nothing the subject has read before belongs to the object’s COI class

      • 3. The object is sanitized and therefore safe for anyone to view

  • * Property

    • A subject can write to an Object if both of the following conditions are true:

      • The simple security condition permits S to read O.

      • All unsanitized objects S can read belong to O’s dataset.

  • The Simple Security Condition and the * Property result in the following:

    • The flow of sanitized info is unrestricted

    • The flow of unsanitized info is confined to its own CD

    • A subject can access only one CD in each COI class

    • In each COI class, the minimum number of subjects needed to access every object is equal to the number of CDs in the COI class

    • Access history affects future access (this is what it means for the model to be dynamic)

  • The CW makes some assumptions that are flawed

    • CDs in different COI classes may still be in competition; it would be nearly impossible to compartmentalize all possible conflicts of interest away from one another.

    • Likewise, CDs in the same COI might not actually be in conflict with one another.

    • Consequently, it is important to define COI classes according to common interest, not according to the type of business conducted
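
The Simple Security Condition and the * Property above, written out as a small reference monitor. This is an added example, not part of the original notes. The class and function names and the sample objects are hypothetical, and it makes two assumptions: reads of sanitized objects are not recorded in the history, and "objects S can read" in the * Property is taken to mean the unsanitized objects S has already read.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Obj:
    name: str
    cd: str                  # company dataset (CD) holding the object
    coi: str                 # COI class that the CD belongs to
    sanitized: bool = False

@dataclass
class Subject:
    name: str
    history: set = field(default_factory=set)  # unsanitized objects read so far

def can_read(s: Subject, o: Obj) -> bool:
    if o.sanitized:                                   # condition 3
        return True
    if any(p.cd == o.cd for p in s.history):          # condition 1
        return True
    return all(p.coi != o.coi for p in s.history)     # condition 2

def read(s: Subject, o: Obj) -> bool:
    """Enforce the check, then record the access so it shapes later decisions."""
    if not can_read(s, o):
        return False
    if not o.sanitized:   # assumption: public data never creates a conflict
        s.history.add(o)
    return True

def can_write(s: Subject, o: Obj) -> bool:
    # Assumption: "objects S can read" is taken to be S's access history.
    return can_read(s, o) and all(p.cd == o.cd for p in s.history)

# Constructed sample data: two COI classes, three company datasets.
APPLE = Obj("apple-roadmap", cd="Apple", coi="tech")
SAMSUNG = Obj("samsung-roadmap", cd="Samsung", coi="tech")
CHEVRON = Obj("chevron-bid", cd="Chevron", coi="oil")
SAMSUNG_PR = Obj("samsung-press-release", cd="Samsung", coi="tech", sanitized=True)

def demo() -> dict:
    alice = Subject("alice")
    out = {"apple": read(alice, APPLE)}           # first access in "tech"
    out["samsung"] = read(alice, SAMSUNG)         # wall: competitor of Apple
    out["samsung_pr"] = read(alice, SAMSUNG_PR)   # sanitized, always readable
    out["chevron"] = read(alice, CHEVRON)         # different COI class
    out["write_chevron"] = can_write(alice, CHEVRON)  # would leak Apple data
    out["write_apple"] = can_write(alice, APPLE)      # would leak Chevron data
    return out
```

Once alice has read unsanitized objects from two CDs she can no longer write to either, which is how the * Property keeps unsanitized info confined to its own CD.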