FlexFlow: A Flexible Flow Control Policy Specification Framework

We propose FlexFlow, a logic based flexible flow control framework to specify data-flow, work-flow and transaction systems policies that go beyond point-to-point flows. Both permissions and prohibitions are specifiable in FlexFlow and meta-policies such as permissions take precedence themselves can be specified over the meta-policy neutral policy specification environment of FlexFlow. We show the expressibility of FlexFlow by expressing three existing flow control models which were proposed for different applications and used different mechanisms.

[1]  BertinoElisa,et al.  The specification and enforcement of authorization constraints in workflow management systems , 1999 .

[2]  Elisa Bertino,et al.  Information Flow Control in Object-Oriented Systems , 1997, IEEE Trans. Knowl. Data Eng..

[3]  Allen Van Gelder,et al.  The Alternating Fixpoint of Logic Programs with Negation , 1993, J. Comput. Syst. Sci..

[4]  Simon N. Foley A model for secure information flow , 1989, Proceedings. 1989 IEEE Symposium on Security and Privacy.

[5]  LouAnna Notargiacomo,et al.  Beyond the pale of MAC and DAC-defining new forms of access control , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[6]  Marc Andries,et al.  Applying an update method to a set of receivers (extended abstract) , 1995, PODS '95.

[7]  Sushil Jajodia,et al.  Obligation monitoring in policy management , 2002, Proceedings Third International Workshop on Policies for Distributed Systems and Networks.

[8]  William F. Clocksin,et al.  Programming in Prolog , 1987, Springer Berlin Heidelberg.

[9]  David A. Bell,et al.  Secure computer systems: mathematical foundations and model , 1973 .

[10]  Dexter Kozen,et al.  Language-Based Security , 1999, MFCS.

[11]  Andrew C. Myers,et al.  Protecting privacy using the decentralized label model , 2000, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[12]  Dorothy E. Denning,et al.  A lattice model of secure information flow , 1976, CACM.

[13]  Elisa Bertino,et al.  Providing flexibility in information flow control for object oriented systems , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[14]  Sushil Jajodia,et al.  Flexible support for multiple access control policies , 2001, TODS.

[15]  Andrew C. Myers,et al.  A decentralized model for information flow control , 1997, SOSP.

[16]  Andrew C. Myers,et al.  Complete, safe information flow with decentralized labels , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).