Building Chinese walls in standard unix™

The set-user-id facility in Unix can form the basis for implementing a wide variety of security policies. We show how the Chinese Wall security policy can be implemented using this facility. The approach is not appropriate for security-critical applications: it serves to illustrate that it can be done in a rather simple way, and may be useful for less critical applications. Our technique also provides an approach to implementing dynamic segregation of duties in Unix.
