Skip to content

Page093

Information Flow Model

The Information Flow Model describes how information may flow in a secure system. Both Bell-LaPadula and Biba use the information flow model. Bell-LaPadula states “no read up” and “no write down.” Information flow describes how unclassified data may be read up to secret, for example, and then written up to top secret. Biba reverses the information flow path to protect integrity.

Chinese Wall Model

The Chinese Wall model is designed to avoid conflicts of interest by prohibiting one person, such as a consultant, from accessing multiple conflict of interest categories (CoIs). It is also called Brewer-Nash, named after model creators Dr. David Brewer and Dr. Michael Nash, and was initially designed to address the risks inherent in employing consultants working within banking and financial institutions [10].

Conflicts of interest pertain to accessing company-sensitive information from different companies that are in direct competition with one another. If a consultant had access to competing banks’ profit margins, he or she could use that information for personal gain. The Chinese Wall model requires that CoIs be identified so that once a consultant gains access to one CoI, they cannot read or write to an opposing CoI [10].

Non-interference

The non-interference model ensures that data at different security domains remain separate from one another. By implementing this model, the organization can be assured that covert channel communication does not occur because the information cannot cross security boundaries. Each data access attempt is independent and has no connection with any other data access attempt.

A covert channel is policy-violating communication that is hidden from the owner or users of a data system. There are unused fields within the TCP/IP headers, for example, which may be used for covert channels. These fields can also carry covert traffic, along with encrypting payload data within the packet. Many kinds of malware use these fields as covert channels for communicating back to malware command and control networks.