Brewer-Nash model

A security model [BN89] to enforce the Chinese wall policy. (Compare: Bell-LaPadula model, Clark-Wilson model.)

Tutorial: All proprietary information in the set of commercial firms F(1), F(2), ..., F(N) is categorized into mutually exclusive conflict-of-interest classes I(1), I(2), ..., I(M) that apply across all firms. Each firm belongs to exactly one class. The Brewer-Nash model has the following mandatory rules:

• Brewer-Nash Read Rule: Subject S can read information object O from firm F(i) only if either (a) O is from the same firm as some object previously read by S or (b) O belongs to a class I(i) from which S has not previously read any object. (See: object, subject.)
• Brewer-Nash Write Rule: Subject S can write information object O to firm F(i) only if (a) S can read O by the Brewer-Nash Read Rule and (b) no object can be read by S from a different firm F(j), no matter whether F(j) belongs to the same class as F(i) or to a different class.