Chinese Wall Security Policy

This project establishes a Chinese wall security policy model in the environment of cloud computing. In 1988 Brewer and Nash proposed a very nice commercial security policy in British financial world. Though the policy was well accepted, but the model was incorrect. A decade later, Dr. Lin provided a model in 2003 that meets Brewer & Nash’s Policy. One of the important components in Cloud computing is data center. In order for any company to store data in the center, a trustable security policy model is a must; Chinese wall security policy model will provide this assurance. The heart of the Chinese Wall Security Policy Model is the concept of Conflict of Interest (COI). The concept can be modeled by an anti-reflexive, symmetric and transitive binary relation. In this project, by extending Dr. Lin’s Model, we explore the security issues in the environment of cloud computing and develop a small system of the Chinese Wall Security Model

Information Flow Model for Commercial Security

Information flow in Discretionary Access Control (DAC) is a well-known difficult problem. This paper formalizes the fundamental concepts and establishes a theory of information flow security. A DAC system is information flow secure (IFS), if any data never flows into the hands of owner’s enemies (explicitly denial access list.

Towards a Definitive Paradigm for Security in Object-Oriented Systems and Applications

The utilization of the object-oriented approach to design and develop systems/applications has continued to increase throughout the 1990s. Security concerned users and organizations must now protect and control access to object-oriented systems and applications. This paper frames a paradigm for security in object-oriented systems and applications by addressing the following: ffl Shouldn't security be elevated to a first-class partner throughout the entire design and development process? ffl What will be the role of existing approaches to security? ffl What characteristics of the object-oriented approach should influence the approach to its security? ffl How will assurance and consistency be attained during the definition, usage, and evolution 1 INTRODUCTION 2 of an application's security policy? In order to answer these and other questions, an interdisciplinary framework is needed that merges programming languages, software engineering, and databases. The main intent of this paper is..