EditWYSIWYGAttach PDF Raw View►More Actions▼More Actions

Restore topic to revision: You will be able to review the topic before saving it to a new revision

Copy text and form data to a new topic (no attachments will be copied though).
Name of copy:
You will be able to review the copied topic before saving

Rename/move topic... scans links in all public webs (recommended)
Rename/move topic... scans links in CBI_ComputerSecurity web only
Delete topic... scans links in all public webs (recommended)
Delete topic... scans links in CBI_ComputerSecurity web only

Revision Date Username Comment
1317 Nov 2014 - 10:49ThomasMisa 
1217 Nov 2014 - 10:43ThomasMisa 
1122 Oct 2013 - 12:20ThomasMisa 
1003 Oct 2013 - 15:25norqu036? 
919 Jun 2013 - 14:44ThomasMisa 
804 Jun 2013 - 12:54NicLewis 
703 Jun 2013 - 21:56NicLewis 
603 Jun 2013 - 20:47NicLewis 
503 Jun 2013 - 12:49NicLewis 
403 Jun 2013 - 10:57NicLewis 
earlier first

Render style:     Context:

 History: r13 < r12 < r11 < r10 < r9
[X] Hide this message.
Notice: On June 30, 2016, UMWiki service will be decommissioned. If you have information in UMWIki that needs to be preserved, you should make plans to move it before that date. Google Sites is anticipated to be the most popular and appropriate alternative for users because it offers a more modern and user-friendly interface and unlimited capacity. To learn more about the features of Google Sites and other alternatives, and to identify which one best fits your needs, see the University’s Website Solution Selection Guide. If you have concerns or would like help regarding this change and your options, please contact Technology Help at help@umn.edu
You are here: UMWiki>CBI_ComputerSecurity Web>Publications>PubBrewerNash (revision 10)

Current Activitieslock Who is Who?lock People Programs Publications CSHW_2014 Systems Events Mechanisms

Brewer-Nash (Chinese Wall) Model


David Brewer and Michael Nash first published the "Chinese Wall Security Policy" in 1989, citing as their influence the Clark-Wilson model of computer security. The Clark-Wilson model drew attention to the computer security requirements of business applications, observing that existing security models emphasized the demands of defense, but offered little guidance for commercial applications. Brewer and Nash devised the formalized Chinese Wall model in order to demonstrate its sound reasoning as a commercially-oriented model, and to invite comparison with alternative models. The authors focused their comparison on the Bell-LaPadula model, adopting Bell-LaPadula's concepts of subjects, objects, and security labels to facilitate the direct comparison.(1)(2)

In the financial sector, a "Chinese Wall" refers to a system of regulation that developed after the 1929 stock market crash. The Chinese Wall form of regulation stipulated that analysts had to avoid conflicts of interest when offering financial services to clients that might be in competition with one another, or with the firm providing the financial analysis. The intention was to reduce insider trading and other forms of financial fraud. The deregulation of financial markets in the UK (the 'big bang' of 1986) brought a return of Chinese Wall models of financial regulation. However, the increasingly common use of computer systems in the financial sector added greater complexity to the issue of avoiding conflicts of interest, and invited technological innovations to satisfy the demands of regulators.

Brewer and Nash adopted an information-flow model to determine which pieces of information a specific user should be allowed to view, depending upon what other information the user had previously accessed. In accordance with Bell-LaPadula, their Chinese Wall model designated analysts as subjects, and a company's information as objects. The security labels were made up of two indicators: the company dataset, and the company's conflict of interest class. The conflict of interest class indicated which companies were in competition. When an analyst accessed a company's dataset, the conflict of interest class would dynamically determine which other datasets the analyst was allowed to access. If a dataset had a conflict of interest class denoting a company in competition with a previously accessed dataset, the computer would not permit the analyst to view the new dataset. Adhering to the Bell-LaPadula *-property, write access was only permitted if all conflict of interest class stipulations were met.

The Chinese Wall model offered a real-world elaboration upon the commercially-oriented computer security policies first raised with Clark-Wilson, particularly with its innovative application of dynamic security labels in a commercial application.(3)(4)(5)


1 : lock David F. C. Brewer and Michael J. Nash, "The Chinese Wall Security Policy," 206, in Proceedings of the IEEE Symposium on Security and Privacy, 1989, Oakland, CA: IEEE Press, May 1989, 206-214. (Log-in required)

2 , 4 : Dieter Gollman, "Security Models," 630-631, in Karl de Leeuw and Jan Bergstra, eds., The History of Information Security: A Comprehensive Handbook, (Oxford, UK: Elsevier, 2007), 595-621.

3 : lock David F. C. Brewer and Michael J. Nash, "The Chinese Wall Security Policy," Proceedings of the IEEE Symposium on Security and Privacy, 1989, Oakland, CA: IEEE Press, May 1989, 206-214. (Log-in required)

5 : Jeffrey R. Yost, "An Interview with David Elliott Bell, OH 411," Charles Babbage Institute, 2012, 40-42.

Edit | WYSIWYG | Attach |  PDF |  History: r13 < r12 < r11 < r10 < r9 |  Backlinks |  Raw View | More topic actions...
Topic revision: r10 - 03 Oct 2013 - 15:25:17 - norqu036
Signed in as lewi0740 (NicLewis) | Sign out
UMWiki UMWiki
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding UMWiki? Send feedback