Prior Publisher

The Association of Digital Forensics, Security and Law (ADFSL)


The application of the Chinese wall security policy model (CWSPM) to control the information flows between two or more competing and/or conflicting companies in cloud computing (Multi-tenancy) or in the social network, is a very interesting solution. The main goal of the Chinese Wall Security Policy is to build a wall between the datasets of competing companies, and among the system subjects. This is done by the applying to the subjects mandatory rules, in order to control the information flow caused between them. This problem is one of the hottest topics in the area of cloud computing (as a distributed system) and has been attempted in the past; however the proposed solutions cannot deal with the composite information flows problem (e.g., a malicious Trojan horses problem), caused by the writing access rule imposed to the subject on the objects. In this article, we propose a new CWSP model, based on the access query type of the subject to the objects using the concepts of the CWSP. We have two types of walls placement, the first type consists of walls that are built around the subject, and the second around the object. We cannot find inside each once wall two competing objects' data. We showed that this mechanism is a good alternative to deal with some previous models' limitations. The model is easy to implement in a distributed system (as Cloud-Computing). It is based on the technique of Object Oriented Programming (Can be used in Cloud computing "Software as a service SaaS") or by using the capabilities as an access control in real distributed system.


Alqahtani, S. M., Gamble, R., & Ray, I. (2013). Auditing requirements for implementing the chinese wall model in the service cloud. In Services (services), 2013 ieee ninth world congress on (pp. 298-305).

Atluri, V., Chun, S. A., & Mazzoleni, P. (2004). Chinese wall security for decentralized workflow management systems. Journal of Computer Security, 12 (6), 799-840.

Bell, D. E., & La Padula, L. J. (1976). Secure computer system: Unified exposition and multics interpretation (Tech. Rep.). DTIC Document.

Brewer, D. F., & Nash, M. J. (1989). The chinese wall security policy. In Security and privacy, 1989. proceedings., 1989 ieee symposium on (pp. 206-214).

Hsiao, Y.-C., & Hwang, G.-H. (2010). Implementing the chinese wall security model in workflow management systems. In Parallel and distributed processing with applications (ispa), 2010 international symposium on (pp. 574-581).

Kesarwani, A., Gupta, C., Tripathi, M. M., Gupta, V., Gupta, R., & Chaurasiya, V. K. (2011). Implementation of chinese wall model in cloud computing for enhanced security. In Emerging trends in networks and computer communications (etncc), 2011 international conference on (pp. 411{413).

Lin, T. Y. (1989). Chinese wall security policy-an aggressive model. In Computer security applications conference, 1989., fifth annual (pp. 282-289).

Lin, T. Y. (2000). Chinese wall security model and conflict analysis. In 24th international computer software and applications conference (COMPSAC 2000), 25-28 october 2000, taipei, taiwan (pp. 122-127).

Lin, T. Y. (2002). Placing the chinese walls on the boundary of conflicts - analysis of symmetric binary relations. In 26th international computer software and applications conference (COMPSAC 2002), prolonging software life: Development and redevelopment, 26-29 august 2002, oxford, england, proceedings (pp. 966-974).

Lin, T. Y. (2003). Chinese wall security policy models: Information flows and confining trojan horses. In Data and applications security XVII: status and prospects, IFIP TC-11 WG 11.3 seventeenth annual working conference on data and application security, august4-6, 2003, estes park, colorado, USA (pp. 275-287).

Lin, T. Y. (2007). Chinese wall security policy-revisited a short proof. In Systems, man and cybernetics, 2007. isic. ieee international conference on (pp. 3027-3028).

Lin, T. Y. (2015, Oct). Chinese wall security policies information flows in business cloud. In 2015 ieee international conference on big data (big data) (p. 1603-1607). doi: 10.1109/BigData.2015.7363927

Minsky, N. H. (2004). A decentralized treatment of a highly distributed chinese-wall policy. In Policies for distributed systems and networks, 2004. policy 2004. proceedings. fifth ieee international workshop on (pp. 181-184).

Pawlak, Z. (1984). On conflicts. International Journal of Man-Machine Studies, 21 (2), 127-134.

Pawlak, Z. (1997). Analysis of conflicts. In Joint conference of information science, research triangle park, north carolina (pp. 350-352).

Sandhu, R. S. (1992). Lattice-based enforcement of chinese walls. Computers & Security, 11 (8), 753-763.

Sharifi, A., & Tripunitara, M. V. (2013). Least-restrictive enforcement of the chinese wall security policy. In Proceedings of the 18th acm symposium on access control models and technologies (pp. 61-72).

Tsai, T.-H., Chen, Y.-C., Huang, H.-C., Huang, P.-M., & Chou, K.-S. (2011). A practical chinese wall security model in cloud computing. In Network operations and management symposium (apnoms), 2011 13th asia-pacific (pp. 1-4).

Wu, R., Ahn, G.-J., Hu, H., & Singhal, M. (2010). Information flow control in cloud computing. In Collaborative computing: Networking, applications and worksharing (collaboratecom), 2010 6th international conference on (pp. 1-7).

Xie, X., Ray, I., Adaikkalavan, R., & Gamble, R. (2013). Information flow control for stream processing in clouds. In Proceedings of the 18th acm symposium on access control models and technologies (pp. 89-100).



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.