A new Access Control model based on the Chinese Wall Security Policy Model

Access control policies and models guide the successful implementation of well-defined access control requirements, which are used for the protection of information or data objects in an information system environment. Whenever these objects are used in a data mining environment, a change in the access control requirements is needed. During a data mining activity, the data miner may expose unexpected results or trends. All companies involved in data mining activities should be aware of these potential access control problems. Effective security policies can, however, help resolve these problems. Brewer and Nash (1989) first defined the Chinese Wall Security Policy model (CWSP model). This model provides access control for the commercial environment based on conflict of interest classes. Shortly after the introduction of the model, Lin (1989) reported an error and presented a modified version of the model called the Aggressive Chinese Wall Security Policy model (ACWSP model). This model introduced the concept of an overlap between conflict of interest classes. When the access control requirements needed for a data mining environment were investigated, it became evident that these two models did not fully comply with the requirements. The purpose of this article is to discuss a new access control model, based on the Chinese Wall Security Policy model, for a data mining environment. This new model will cover the access control requirements not met in the existing models. With this new access control model, data miners will be able to work on different company information or data objects without causing access control problems such as information leakage following exposure to unexpected results or trends. All companies involved in data mining activities will be able to control their level of exposure among competitive peer companies if they use the proposed access control model. The new model is dynamic in that it can cope with a rapidly changing business environment.