Information Flow Control among Objects in Role-Based Access Control Model

Various kinds of applications have to be secure in an object-based model. A secure system is required not only to protect objects from being illegally manipulated but also to prevent illegal information flow among objects. In this paper, we discuss how to resolve illegal information flow among objects in a role-based model. We define safe roles, in which no illegal information flow occurs. In addition, we discuss how to safely perform transactions with unsafe roles. We discuss an algorithm to check whether illegal information flow occurs each time a method is performed.
