A legal information flow (LIF) scheduler based on role-based access control model

Information systems have to be consistent and secure in the presence of multiple conflicting transactions. The role-based access control (RBAC) model is widely used to keep information systems consistent and secure. A role represents a job function in an enterprise and is a set of access rights (permissions). Here, a subject $s$ is allowed to issue a method $op$ to an object $o$ only if the corresponding access right is included in the roles granted to the subject $s$. A subject is granted one or more roles and issues a transaction to multiple objects. The transaction is assigned some of the subject's roles, which are referred to as its purpose. Even if every access request issued by every subject is authorized by the roles, illegal information flow might still occur, as in the well-known confinement problem. In this paper, we define a legal information flow (LIF) relation ($R_1\ \text{@?}^{I}\ R_2$) between a pair of role families $R_1$ and $R_2$ to prevent illegal information flow. Here, an LIF relation $R_1\ \text{@?}^{I}\ R_2$ shows that no illegal information flow occurs if a transaction $T_1$ with a role family $R_1$ is performed prior to another transaction $T_2$ with a role family $R_2$. In addition, it is important to decide which transaction is to be performed prior to the other if both transactions manipulate the same object in a conflicting way. In this paper, we define a significantly precedent relation $R_1\ \text{@?}^{s}\ R_2$ between role families $R_1$ and $R_2$, which implies that the role family $R_2$ is more significant than $R_1$. Suppose a pair of transactions $T_1$ and $T_2$ with role families $R_1$ and $R_2$ issue conflicting methods $op_1$ and $op_2$, respectively, to an object $o$. If $R_1\ \text{@?}^{s}\ R_2$, $op_2$ is performed on the object $o$ prior to $op_1$. The more significant a transaction is, the earlier it is performed.

We discuss a legal information flow (LIF) scheduler that synchronizes transactions so as to prevent illegal information flow and serializes conflicting methods from multiple transactions in terms of the significancy and information flow relations of role families. We evaluate the LIF scheduler in terms of how much illegal information flow can be prevented compared with the other scheduler.
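The confinement problem and the ordering rule described in the abstract can be made concrete with a small sketch. This is an added example, not code from the paper: the flow rule in `illegal_flows`, the flattening of a role family into one set of `(object, method)` rights, the numeric significance ranks and all role and object names are assumptions made for illustration.

```python
# Added illustration. The flow rule and the numeric ranks are assumptions,
# not the paper's formal definitions.

def readable(family):
    return {obj for obj, op in family if op == "read"}

def writable(family):
    return {obj for obj, op in family if op == "write"}

def illegal_flows(r1, r2):
    """(source, channel) pairs that leak if a transaction with r1 runs before one with r2.

    Assumed rule: a transaction with r1 may copy anything it reads into anything
    it writes. If a later transaction with r2 can read that channel object but
    holds no read right on the source object, the flow is illegal.
    """
    channels = writable(r1) & readable(r2)
    sources = readable(r1) - readable(r2)
    return {(s, c) for s in sources for c in channels}

def lif(r1, r2):
    """True when running r1 before r2 causes no illegal flow (assumed LIF check)."""
    return not illegal_flows(r1, r2)

def serialize(t1, t2, rank):
    """Order two conflicting transactions: the more significant family goes first."""
    first, second = sorted((t1, t2), key=lambda t: rank[t], reverse=True)
    return first, second

# Constructed sample data: each role family flattened to its access rights.
FAMILIES = {
    "auditor": {("ledger", "read"), ("report", "write")},
    "manager": {("ledger", "read"), ("report", "read"), ("report", "write")},
    "clerk": {("report", "read"), ("orders", "read"), ("orders", "write")},
}
RANK = {"auditor": 3, "manager": 2, "clerk": 1}  # hypothetical significance

def plan(t1, t2):
    """Significance-based order plus the illegal flows that order would permit."""
    first, second = serialize(t1, t2, RANK)
    return first, second, illegal_flows(FAMILIES[first], FAMILIES[second])

if __name__ == "__main__":
    # Every single access is authorized, yet auditor-before-clerk leaks the ledger.
    print(plan("clerk", "auditor"))
```

In the constructed data, ordering purely by significance places the auditor's transaction first, which is exactly the order that lets ledger contents reach the clerk through the report object; this is why a scheduler has to consider the information flow relation as well as significancy.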
