Lattice - Based Enforcement of Chinese

The Chinese Wall policy was identiied and so named by Brewer and Nash 2]. This policy arises in the nancial segment of the commercial sector, which provides consulting services to other companies. Consultants naturally have to deal with conndential company information for their clients. The objective of the Chinese Wall policy is to prevent information ows which cause connict of interest for individual consultants. Brewer and Nash develop a mathematical model of the Chinese Wall policy , on the basis of which they claim that this policy \cannot be correctly represented by a Bell-LaPadula model." In this paper we demonstrate that the Brewer-Nash model is too restrictive to be employed in a practical system. This is due to their treatment of users and subjects as synonymous concepts, with the consequence that they do not distinguish security policy as applied to human users versus security policy as applied to computer subjects. By maintaining a careful distinction between users, principals and subjects, we show that the Chinese Wall policy is just another lattice-based information policy which can be easily represented within the Bell-LaPadula framework.