Modeling in Confidentiality and Integrity for a Supply Chain Network

Bell-LaPadula Model and Markov Chain Model are used for supply chain networks in the previous literature. However, Bell-LaPadula Model only considers the confidentiality aspect of security. Markov Chain Model is used to simulate the dynamics of the security states. In a typical supply chain network, the integrity of business transactions should be as important as confidentiality of those transactions. The purpose of this paper is to apply Clark-Wilson model to the supply chain network integrity. The major concepts of the Clark-Wilson model such as separation of duty, constrained data items, well-formed transactions, and transform procedures are applied to different situations of a supply chain network

Simulation of a Two-Category Secured Access Database

Electronic commerce users continually access sensitive information on business databases through the Internet. In order to protect databases from unauthorized access, confidentiality policies must be applied. Confidentiality of the database is often protected by data encryption or proprietary software. It can be protected by a monitoring system using Markov Chain and Bell- LaPadula Models. In this paper, a two category secured access database model by semi-Markov chains is discussed. This paper simulates this simplified two category secured access database model, and issues on security management are also addressed

Security Modeling on the Supply Chain Networks

In order to keep the price down, a purchaser sends out the request for quotation to a group of suppliers in a supply chain network. The purchaser will then choose a supplier with the best combination of price and quality. A potential supplier will try to collect the related information about other suppliers so he/she can offer the best bid to the purchaser. Therefore, confidentiality becomes an important consideration for the design of a supply chain network. Chen et al. have proposed the application of the Bell-LaPadula model in the design of a secured supply chain network. In the Bell-LaPadula model, a subject can be in one of different security clearances and an object can be in one of various security classifications. All the possible combinations of (Security Clearance, Classification) pair in the Bell-LaPadula model can be thought as different states in the Markov Chain model. This paper extends the work done by Chen et al., provides more details on the Markov Chain model and illustrates how to use it to monitor the security state transition in the supply chain network

Simulation of a two-category secured access database

Electronic commerce users continually access sensitive information on business databases through the Internet. In order to protect databases from unauthorized access, confidentiality policies must be applied. Confidentiality of the database is often protected by data encryption or proprietary software. It can be protected by a monitoring system using Markov Chain and Bell-LaPadula Models. In this paper, a two category secured access database model by semi-Markov chains is discussed. This paper simulates this simplified two category secured access database model, and issues on security management are also addressed. [PUBLICATION ABSTRACT

Obstacle of Team Teaching and Collaborative Learning in Information Security

The field of information security includes diverse contents such as network security and computer forensics which are highly technical-oriented topics. In addition, information forensic requires the background of criminology. The information security also includes non-technical content such as information ethics and security laws. Because the diverse nature of information security, Shing et al. has proposed the use of team teaching and collaborative learning for the information security classes. Although team teaching seems to be efficient in information security, practically it needs a few challenges. The Purdue's case mentioned in Shing's paper has funding support of National Security Agency (NSA). However, a vast amount of resources may not be available for an instructor in a normal university. In addition, many obstacles are related to the administration problems. For example, how are the teaching evaluations computed if there are multiple instructors for a single course? How will instructors in a computer forensics class prepare students (criminal justice majors and information technology majors) before taking the same class with diverse background? The paper surveyed approximately 25 students in a university in Virginia concerning the satisfaction of team-teaching. Finally, this paper describes ways to meet those challenges

Confidentiality modelling and simulation and validation in a simplified database access

In a simplified secured database access model, privileged group and public group can access data with any distribution. In order to secure the database, the confidentiality policy must be applied. Often, the management of the database privacy is neglected because data integrity has a higher priority in an environment dealing with insensitive data. This paper looked into the data confidentiality management and suggested use semi-Markov chains to model the security policy. A simulation experiment was used to validate the model