Modeling and Verification of Chinese Wall Policy Based on Petri Nets with Data
Information security is an important issue in the design and development of information systems. As a well-known information security policy, Chinese Wall policy concerns the conflict of interest among sensitive information items. Since it is widely applied in many fields, it is important to explore the verification methods. Petri nets are a widely used formal method in the modeling and verification of information systems, and they are suitable for verifying Chinese Wall policy due to the capability of characterizing the concurrency. Particularly, some studies utilize colored Petri nets for modeling and verification of Chinese Wall policy. However, they do not characterize data operations including read, write and delete, which may affect the verification results. In this paper, we utilize Petri nets with data (PD-nets) to model and verify this policy. Specifically, we propose PD-nets for Chinese Wall policy to depict the control-flows, data-flows and data operations of information systems and introduce configurations and reachability graphs to describe the running states. We give theorems to prove the correctness of our method. Based on these theorems, we develop an algorithm to detect the violations of Chinese Wall policy. Furthermore, a case study is presented to show the effectiveness of our method, especially in modeling data operations and verifying their relevant CW policy.
- Research Article
2
- 10.1109/tcss.2024.3461812
- Oct 1, 2025
- IEEE Transactions on Computational Social Systems
Information leakage easily occurs in large-scale information interactions and brings harm to individuals, enterprises, and society. As a well-known security policy, Chinese Wall (CW) provides a security guideline, which combines mandatory and discretionary access control to avoid information leakage. Colored Petri nets (CPNs) are a widely used formal method, well suited for verification of CW policy due to the capability of characterizing the concurrency. However, CPNs easily suffer from the problem of state space explosion due to the interleaving semantics. The unfolding techniques can effectively alleviate this problem. In this article, we apply simplified CPNs and their unfolding techniques to detect information leakage against CW policy. Specifically, we define a CPN-based CW model, propose an algorithm to generate the merged process of CPN, and detect the potential information leakage by analyzing the structural behaviors of its unfoldings. Furthermore, we conduct a case study and several experiments to show the advantages of our method. The results exhibit that our method can effectively detect information leakage against CW policy and alleviate the state space explosion.
- Research Article
55
- 10.1016/0167-4048(92)90131-a
- Dec 1, 1992
- Computers & Security
Lattice-based enforcement of Chinese Walls
- Research Article
27
- 10.1109/tdsc.2010.43
- Nov 1, 2011
- IEEE Transactions on Dependable and Secure Computing
Security policies are one of the most fundamental elements of computer security. Current security policy design is concerned with the composition of components in security systems and interactions among them. Consequently, in a modular specification and verification of a policy, the composition of the modules must consistently assure security policies. A rigorous and systematic way to predict and assure such critical properties is crucial. This paper addresses the problem in a formal way. It uses colored Petri net process (CPNP) to specify and verify security policies in a modular way. It defines fundamental policy properties, i.e., completeness, termination, consistency, and confluence in Petri net terminology and gets some theoretical results. According to the eXtensible Access Control Markup Language (XACML) combiners and property preserving Petri net process algebra (PPPA), several policy composition operators are specified and property preserving results are stated for the policy correctness verification. As an application, the approach is illustrated for the design of Chinese Wall Policy.
- Conference Article
4
- 10.1109/wodes.2006.1678408
- Jul 10, 2006
The Chinese wall policy (CWP) is a security policy that governs the information that a group of agents may access. Information about competing companies is divided up into conflict sets. Agents adhering to CWP may only acquire information about one company per conflict set. Recently, a decentralized version of CWP was introduced, but its success was hampered by a limitation in the solution that had the potential to allow a clever agent to simultaneously access information about companies in the same conflict set, a clear violation of CWP. Using supervisory control theory, we investigate the synthesis of a decentralized CWP, where agents are not able to perform so-called double dipping. In a control-theoretic approach, the behavior of the system and the specification are modeled as finite-state machines. A decentralized controller for CWP either allows or forbids access to information at each state of the system. These control decisions are based on (1) the specification; (2) local knowledge of an agent's previous requests to a given controller; and (3) knowledge communicated from other controllers regarding their own relevant local knowledge of that agent's previous requests.
- Research Article
- 10.5755/j01.itc.32.3.11857
- Sep 30, 2004
- Information Technology And Control
This paper reviews the most archetypal features of UML and Petri nets. The formed modeling structural scheme reflects the trends of designing modern information systems. This paper also overviews the possibility of converting a UML net into a Petri net. At the end, the paper gives a conclusion, and also a prospective of further research using the methods presented here. Development of organizational information systems (IS) has recently become an important subject. Lately, the Unified Modeling Language (UML) became the standard in creating software, and in designing relatively simple organizational information systems. Some UML diagrams are also used for organizational sectional modeling, reengineering of business processes, and process analysis. In the current view, UML is used for specification of task sequences, and in the process of creating software, class diagrams are used for generation of program code. Class diagrams are sourced using activity diagrams, which are based on empirical reasoning and are not described by mathematical methods. UML methodology only allows very limited modeling of simple systems, to say nothing of the possibilities to evaluate process dynamics. That’s why Petri nets are often tried for designing systems. High development of IS is determined by formal mathematical methods. Petri nets are a formalism for the analysis of processes characterized by parallel links. Petri nets are characterized by parallel structures, flexible modeling, and a highly developed mathematical formalism. However, the results show that universal modeling of dynamic processes has still not been achieved. Using the methodology of Petri nets and its extensions (e.g. Object Petri nets) is not absolutely rational because additional efforts are needed for evidence of objective features; besides, by modeling systems using objective methodologies, particularly UML, cumulative experience is being lost.
This limits system development possibilities, especially in the case of advanced systems, where deeper analysis of activity alternatives is necessary, demanding evaluation of dependences on variable business conditions under the influence of external factors, and also continuously modernized data mining systems influencing the system’s flexibility and quality requirements, which is the basis of dynamic IS creation. Therefore this paper proposes a comprehensive information system creation model, which combines internals of both net and object designing methodologies. This model also applies to simplified cases when information system (IS) development stages may be executed using only UML features, while in the general system creation case a hybrid modeling scheme is recommended. For that purpose, methods of transformation from UML to Petri nets and ways of expanding modeling possibilities, which allow better implementation of work sequence management, are improved in the process. The conclusion states that an IS implemented using the suggested modeling scheme is characterized by flexibility, and enables appending new features to the system without blocking its exploitation. Concerning the work, particularly mark management methods enable aiming that the implemented IS would have a modeling structure, and possibilities to change the system’s functions and features by supplementing the system with separate program modules without changing the whole system.
- Book Chapter
1
- 10.1007/978-3-540-24571-1_12
- Jan 1, 2004
The Chinese Wall policy is one of the well-known commercial security policies. It is used to specify information control when conflicts of interest arise. In other words, it maintains database security by means of classifying accessible data objects according to users’ interest and limiting access to data objects that can cause conflicts of interest. In this paper, we propose a new model that decreases conflicts between user transactions by classifying data objects in a database system according to the users’ interest. In order to achieve our goal, the Chinese Wall policy is newly interpreted and then applied to transaction processing in multilevel secure database systems. And then, a more flexible concurrency control protocol based on the proposed model is suggested. Our model might be utilized as a flexible security policy that prevents performance degradation of large database systems.
Keywords: Database System, Data Object, Security Policy, Security Level, Concurrency Control
- Conference Article
14
- 10.1109/cit.2006.123
- Jan 1, 2006
The Chinese Wall model is a model of a security policy that refers equally to confidentiality and integrity. In this paper, we propose a Colored Petri net modeling technique, which allows one to analyze and verify Chinese Wall Policy in Colored Petri net model of a system. Subsequently, an example of the Chinese Wall Policy is illustrated and the conclusions show that Petri net is not only a concise graphic modeling method, but also suited to formal analysis and verification. This technique can efficiently improve the security policies during the system design and implementation.
- Book Chapter
28
- 10.1007/978-3-030-21290-2_13
- Jan 1, 2019
Information and processes are both important aspects of information systems. Nevertheless, most existing languages for modeling information systems focus either on one or the other. Languages that focus on information modeling often neglect the fact that information is manipulated by processes, while languages that focus on processes abstract from the structure of the information. In this paper, we present an approach for modeling and verification of information systems that combines information models and process models using an automated theorem prover. In our approach, set theory and first-order logic are used to express the structure and constraints of information, while Petri nets of a special kind, called Petri nets with identifiers, are used to capture the dynamic aspects of the systems. The proposed approach exhibits a unique balance between expressiveness and formal foundation, as it allows capturing a wide range of information systems, including infinite state systems, while allowing for automated verification, as it ensures the decidability of the reachability problem. The approach was implemented in a publicly available modeling and simulation tool and used in teaching of Information Systems students.
- Book Chapter
- 10.1007/978-3-7091-2704-9_7
- Jan 1, 1994
An introduction into policies and mechanisms of database security is given. Three different policy classes for access control are distinguished: owner driven access control (discretionary access control), organization driven access control (mandatory access control), and access control with security levels (multi-level access control). After giving intentions and characterizations for each policy class, we present mechanisms usually used with those policies. Thus the access control matrix is presented with its different views from a subject (capability list), from a granule (access control list), and from an operation (method control list). Further mechanisms which are considered in connection with owner driven access control are propagation of rights, database views, and query modification. Organization driven access control is studied with respect to classification and clearance, the relationship between confidentiality and integrity, and the appropriate granularity of classification. The dissemination control policy and (in more detail) the Chinese Wall policy are presented as examples for this class of policies. Mechanisms of the lattice-based access control with security levels include polyinstantiation (used for information hiding and cover stories) and trusted subjects. A final criticism points out the author’s view of the strengths and weaknesses of each class of policies.
- Conference Article
6
- 10.1109/csnt.2012.111
- May 1, 2012
The primary objective of Data Leakage Prevention (DLP) is to control the data usage by authorized users. Traditional control mechanisms are mostly implemented based on security domains and deploy strict policies on actions spanning different domains, which will decrease the usability and flexibility of the system. The Chinese Wall Policy combines discretionary and mandatory aspects of access control so that it is a good choice for DLP. This paper extends the traditional conflict and alliance relationship and presents an efficient framework ACWF. The ACWF maintains a dynamic relationship between different data objects and provides a reference mechanism to confine the corresponding usage domain. We present an applicable scenario analysis and implement a secure removable storage device based on ACWF. The results show the efficiency of ACWF in DLP application.
- Conference Article
4
- 10.1109/bigdata.2015.7363927
- Oct 1, 2015
A Business Cloud is defined to be a collection of company datasets that are stored on the Cloud. For simplicity, we have assumed: each company only has one dataset. There are information flows among these datasets. Within such an environment Chinese Wall Security Policy (CWSP) is revisited. Based on the physical view of Brewer and Nash, the Chinese Wall policy that regulates the Conflict of Interest binary Relation, denoted by CIR, among company datasets is investigated. CIR is found to be anti-reflexive, symmetric and anti-transitive; in other words, the complement of CIR is an equivalence relation. The main theorem states that, from the owner (a company) view, a dataset under CWSP will never flow into enemies’ hands (companies in conflict). More generally, if CIR is anti-reflexive and symmetric, then there is an Aggressive Chinese Wall that surrounds the company datasets of those companies who are in conflict, and a Conservative Chinese Wall that surrounds the company datasets whose owners are friends; note that the set of friends is a subset of those not in conflict. The main theorem states that no information of those company datasets that are stored within the Aggressive Chinese Wall may ever penetrate the Wall, with a similar conclusion for the Conservative Chinese Wall. However, those company datasets that are outside these two walls may penetrate the two walls.
- Single Book
12
- 10.1007/978-1-4615-1341-4
- Jan 1, 2001
Section 1: Perspectives on Information Systems Development. The Machine is Not the Woman: Cyberfeminism and the Techno-Determinism of Information Systems J. Arnold. To Err is Human: Implications for Information Systems Development G.J. Bakehouse. CRISP: The Campaign for Real Information Systems Production M.F. Chester. Methodological Rigour and Methodology Relevance in IS Development S.K. Probert. Section 2: Information Systems Development Methods. The Impact of Reference Modeling in MRPII/ERP Systems on Business Process Reengineering G. Bartoszewicz. A Maturity Framework for the Enterprise Modeling and Engineering Process K. Borgen, O. Ohren. Development Methods for Knowledge Intensive Applications I.T. Hawryszkiewycz. Framework Oriented Software Development and its Challenges: Commercial Software Solutions Provider Perspective R. Polovina, et al. Are Use Cases Necessarily the Best Start of An OO System Development Process? G. Skagestein. Section 3: Information Systems Development Tools, Techniques and Technologies. Using Hierarchies to Adapt Domain Analysis to Software Development M.J. Forsell. A Mobility Prediction Algorithm for Quality of Service Improvement in Wireless ATM H.-k. Kim, et al. FTI Algorithm for Component Interface Meta Modeling of the TMN Agents S.-H. Park, et al. XML: A Challenge for Databases? J. Pokorny. Process Diagram Technique for Business Processes Modeling V. Repa. Artificial Neural Networks in Predicting a Dichotomous Level of Financial Distress for Uneven Training and Testing Samples J. Zurada, et al. Section 4: Management of Information Systems and Systems Development. Managing Software Development within a Virtual Project Environment S. Balint. Managerial Enterprise Structural Stakeholders (MESS) Model -- Modelling the Influence of Organisational Politics and Structure Upon Cost of Systems Development L. Carver, E. Lewis. Development Recommendations for Knowledge Management/Organizational Memory Systems M.E. Jennex, L. Olfman. 
An Integrated Object & Fuzzy Cognitive Maps Approach to Business Process Management D. Kardaras, et al. An Empirical Assessment of IT Disaster Probabilities W. Lewis, et al. Knowledge Management: Trusting Knowledge Workers A. Nottingham. Information Systems Audit for Investment Decision M. Pankowska. Section 5: Information Systems Application Areas. Implementation of an Integrated Software Package T. Ahlin, J. Zupancic. Matchmaking Mechanisms for Agent-Mediated Electronic Markets M. Bichler, A. Scharl. Implementing Enterprise Resource Planning Systems: Implications for Financial Specialists A. Caglio, et al. A Model for Organisational Integration of Meeting Outcomes C.J. Costa, et al. Decision Support Systems Implementation Research: Review of the Current State and Future Directions S.B. Eom. WWW Workflows Based on Petri Nets K. Knorr. Information Technology in the Marketing Mix of a Modern Business J. Unold. Manningham On-Line -- Using Global Technologies for Building Local Electronic Commerce Business K. Vigo, et al. Section 6: Information Systems Education and Learning. Maintaining Software May Help an Organisation Learn D. Edberg, L. Olfman. Object Based Learning Systems (OBL): A Virtual Context for Embedding Artificial Intelligence in Tutorial Software K. Folkman, J. Holmberg. Teaching XML in a Business School: Lessons Learned from the Agder Expe
- Conference Article
1
- 10.1109/milcom.2015.7357410
- Oct 1, 2015
Access control is used in databases to prevent unauthorized retrieval and tampering of stored data, as defined by policies. Various policy models provide different protections and guarantees against illegal accesses, but none is able to offer a universal fit for all access control needs. Therefore, the static nature of access control mechanisms deployed in commercial databases limits the security guarantees provided. They require time-consuming and error-prone efforts to adapt access control policies to evolving security contexts. In contrast, we propose a fully automated and agile approach to access control enforcement in relational databases. We present tractable algorithms that enforce any policy expressible using the high-level syntax of the Authorization Specification Language. This includes complex policies involving information flow control or user history dependencies. Our method does not require any modification to the database schema or user queries, thus allowing for a transparent implementation in existing systems. We demonstrate our findings by formulating two classic access control models: the Bell-LaPadula model and the Chinese Wall policy.
- Book Chapter
2
- 10.1007/978-3-319-20810-7_22
- Jan 1, 2015
In the near future, clouds will provide situational monitoring services such as health monitoring, stock market monitoring, shopping cart monitoring, and emergency control and threat management. Offering such services requires securely processing data streams generated by multiple, possibly competing and/or complementing, organizations, such that there is no overt or covert leakage of sensitive information. We demonstrate how an information flow control model adapted from the Chinese Wall policy can be used to protect against sensitive data disclosure in data stream management systems. We also develop a language based on Continuous Query Language that can be used to express information flow constraints in stream processing and provide its formal semantics.
- Research Article
- 10.2308/tar-4497330
- Oct 2, 1972
- The Accounting Review
The article highlights the report of the Committee on Information Systems of the American Accounting Association. The charge to the committee on Information Systems is to assess the developments that are likely to occur over the next ten years that will have a significant impact on the design and operation of information systems and to develop a report on it. The accounting function is one of the most important information systems in an organization. A major socio-political development likely to have a significant impact on the design and operation of information systems over the next decade is an increasing emphasis on social responsibilities, not only by federal, state, and local government, but by industry, not-for-profit organizations, and private citizens as well. Finally, since there appears to be a trend toward more community involvement by the private sector, information for coordinating the private and public sector efforts will be required. There is an extensive literature in economics on macro-economic concentration, industry concentration, and individual firm size as they relate to efficiency and competition. Inputs to the educational system include students, faculty, and financial resources. Developments in information systems are rapidly affecting pedagogy. Technical developments in communication and information systems have and will continue to provide additional educational capabilities.