Information Flow Control in Object-Oriented Systems

We describe a high-assurance discretionary access control model for object-oriented systems. The model not only ensures protection against Trojan horses leaking information, but at the same time retains the flexibility of discretionary access control. The basic idea of our approach is to check all information flows among objects in the system in order to block possible illegal flows. An illegal flow arises when information is transmitted from one object to another object in violation of the security policy. The interaction modes among objects are taken into account in determining illegal flows. We consider three different interaction modes, which are the standard interaction modes found in open distributed processing models. The paper presents formal definitions and a proof of correctness of our flow control algorithm.
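The following Python example is added here to illustrate the core idea of the abstract: discretionary ACLs alone let a Trojan horse that runs with a user's privileges copy her data into an object that others may read, while an additional check on the information flow between objects blocks the copy. It is not the paper's own algorithm. It assumes a single synchronous read-then-write interaction (the paper's three interaction modes are not modelled), tracks the flow by recording which objects' information each object has absorbed (the `origins` set), and uses a hypothetical "readers-subset" rule: a flow into an object is legal only if everyone who may read the destination may also read every origin of the transferred data. The objects and principals (`alice`, `bob`, `secret`, `scratch`, `memo`, `shared`) are constructed for the scenario.

```python
from dataclasses import dataclass, field


@dataclass
class Obj:
    """An object with a discretionary ACL and a record of the information it holds."""
    name: str
    owner: str                  # principal that owns the object and sets its ACL
    readers: frozenset          # DAC read ACL: principals allowed to read the object
    writers: frozenset          # DAC write ACL: principals allowed to write the object
    origins: set = field(default_factory=set)  # names of objects whose information it contains

    def __post_init__(self):
        # An object always carries its own information.
        self.origins.add(self.name)


class FlowMonitor:
    """Mediates every object-to-object transfer and blocks illegal flows.

    Hypothetical rule (an assumption of this example, not the paper's definition):
    a flow src -> dst is legal iff every reader of dst may also read every origin
    recorded for src.  The sets are transitive, so a Trojan horse cannot launder
    secret data through an intermediate object it is allowed to write.
    """

    def __init__(self, objects):
        self.objects = {o.name: o for o in objects}
        self.log = []   # audit trail of ALLOW/DENY decisions

    def _deny(self, actor, src, dst, reason):
        self.log.append(("DENY", actor, src, dst, reason))
        return False

    def transfer(self, actor, src, dst):
        """`actor` reads `src` and writes its content into `dst` (one interaction)."""
        s, d = self.objects[src], self.objects[dst]
        # 1. Plain discretionary checks on the acting principal.
        if actor not in s.readers:
            return self._deny(actor, src, dst, f"DAC: {actor} may not read {src}")
        if actor not in d.writers:
            return self._deny(actor, src, dst, f"DAC: {actor} may not write {dst}")
        # 2. Flow check over every origin the source has absorbed so far.
        for origin in sorted(s.origins):
            leaked_to = d.readers - self.objects[origin].readers
            if leaked_to:
                return self._deny(actor, src, dst,
                                  f"flow: {origin} would become readable by {sorted(leaked_to)}")
        # Legal flow: the destination now carries the source's origins too.
        d.origins |= s.origins
        self.log.append(("ALLOW", actor, src, dst, "ok"))
        return True


def run_scenario():
    """Constructed scenario: a Trojan horse running as alice tries to leak `secret` to bob."""
    objs = [
        Obj("secret", "alice", frozenset({"alice"}), frozenset({"alice"})),
        Obj("scratch", "alice", frozenset({"alice"}), frozenset({"alice"})),
        Obj("memo", "alice", frozenset({"alice", "bob"}), frozenset({"alice"})),
        Obj("shared", "bob", frozenset({"alice", "bob"}), frozenset({"alice", "bob"})),
    ]
    m = FlowMonitor(objs)
    results = {
        # Staging copy: legal, only alice can read scratch.
        "stage": m.transfer("alice", "secret", "scratch"),
        # The leak: DAC allows alice to write shared, but bob could then read secret's data.
        "leak": m.transfer("alice", "scratch", "shared"),
        # Same leak without the intermediate object.
        "direct": m.transfer("alice", "secret", "shared"),
        # Legitimate sharing: bob may already read memo.
        "legit": m.transfer("alice", "memo", "shared"),
        # Ordinary DAC denial: bob is not a reader of secret.
        "dac": m.transfer("bob", "secret", "shared"),
    }
    return results, m.log, {o.name: sorted(o.origins) for o in objs}


if __name__ == "__main__":
    results, log, origins = run_scenario()
    for entry in log:
        print(entry)
    print(origins)
```

The audit log shows the difference between the two layers: the `leak` and `direct` transfers pass every discretionary check and are refused only by the flow rule, whereas the final transfer is refused by DAC before any flow reasoning happens. After the run, `shared` carries the origin `memo` but never `secret`.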
