Providing flexibility in information flow control for object oriented systems

This paper presents an approach to control information flow in object-oriented systems that takes into account, besides authorizations on objects, also how the information has been obtained and/or transmitted. These aspects are considered by allowing exceptions to the restrictions stated by the authorizations. Exceptions are specified by means of waivers associated with methods. Two kinds of waivers are supported: invoke-waivers, specifying exceptions applicable during a method's execution, and reply-waivers, specifying exceptions applicable to the information returned by a method. Information flowing from one object into another object is subject to the different waivers of the methods enforcing the transmission. We formally characterize information transmission and flow in a transaction taking into consideration different interaction modes among objects. We then define security specifications, meaning authorizations and waivers, and characterize safe information flows. We formally define conditions whose satisfaction ensures absence of unsafe flows and present an algorithm enforcing these conditions.

[1]  Sushil Jajodia,et al.  Integrating an object-oriented data model with multilevel security , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[2]  K. G. Walter,et al.  Primitive Models for Computer Security , 1974 .

[3]  Paul A. Karger,et al.  Limiting the Damage Potential of Discretionary Trojan Horses , 1987, 1987 IEEE Symposium on Security and Privacy.

[4]  Dorothy E. Denning,et al.  A lattice model of secure information flow , 1976, CACM.

[5]  Elisa Bertino,et al.  Information Flow Control in Object-Oriented Systems , 1997, IEEE Trans. Knowl. Data Eng..

[6]  Chris Sivula,et al.  Reynolds and Reynolds Co. , 1993 .

[7]  LouAnna Notargiacomo,et al.  Beyond the pale of MAC and DAC-defining new forms of access control , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[8]  A. L. Wilkinson,et al.  A penetration analysis of a Burroughs Large System , 1981, OPSR.

[9]  Alley Stoughton Access Flow: A Protection Model which Integrates Access Control and Information Flow , 1981, 1981 IEEE Symposium on Security and Privacy.