Fine-grained Privilege Propagation in DIFC Model

In the Decentralized Information Flow Control (DIFC) model, labels mark the security level of sensitive data (such as static files, in-memory data, or network packets). Anyone who wants to access labeled data must first obtain the corresponding label, so authorization is the process by which the data owner gives the data receiver the capability to obtain the label. Traditionally, most researchers have focused on innovation in and application of the DIFC model; few have paid attention to how the privilege of adding or removing a tag is disseminated. Fine-grained privilege propagation is the foundation for sharing sensitive data securely. In this paper we propose a model of fine-grained privilege propagation (FPPM). The model provides label privilege granting and revocation at the process level and describes four levels of authorization for more flexible privilege propagation. The experiments demonstrate that FPPM improves the flexibility of data sharing.