A New Approach to Data Dynamic Integrity Control

Proper access control is one of the most important issues in computer security. It consists of securing a system with respect to availability, confidentiality, and integrity. Integrity is about making sure that only proper modifications take place. Some integrity models are static in nature, which may limit their capabilities for better protection of a system. In some cases like in the collaborative authoring systems (e.g. Wikipedia), such static models are not desired because there is a need for continuous evaluations of posted work. This motivated us to present a dynamic integrity model based on a metric we call the modification factor to evaluate whether the integrity level should be changed up or down. Furthermore, our dynamic model allows us to establish a level of trustworthiness that an entity has as a source or destination of information.

[1]  Mark Ryan,et al.  Modelling Dynamic Access Control Policies for Web-Based Collaborative Systems , 2010, DBSec.

[2]  Ninghui Li,et al.  Purpose based access control for privacy protection in relational database systems , 2008, The VLDB Journal.

[3]  Hasan Qunoo,et al.  Towards Modelling and Verifying Dynamic Access Control Policies for Web-based Collaborative Systems , 2009 .

[4]  Zhang Lei,et al.  A Mandatory Access Control Model Based on Concept Lattice , 2011, 2011 International Conference on Network Computing and Information Security.

[5]  Lirong Xiong,et al.  Lattice Based BLP Extended Model , 2009, 2009 Second International Conference on Future Information Technology and Management Engineering.

[6]  Ravi S. Sandhu,et al.  On Five Definitions of Data Integrity , 1993, Database Security.

[7]  Ryan Ausanka-Crues,et al.  Methods for Access Control : Advances and Limitations , 2006 .

[8]  Bin Liang,et al.  Trust-oriented Access Control based on Sources of Information Flow , 2011, 13th International Conference on Advanced Communication Technology (ICACT2011).

[9]  Zhaoyu Liu,et al.  A dynamic trust model for mobile ad hoc networks , 2004, Proceedings. 10th IEEE International Workshop on Future Trends of Distributed Computing Systems, 2004. FTDCS 2004..

[10]  Elisa Bertino,et al.  Systematic control and management of data integrity , 2006, SACMAT '06.

[11]  K. J. Bma Integrity considerations for secure computer systems , 1977 .

[12]  Matt Bishop,et al.  Computer Security: Art and Science , 2002 .

[13]  David D. Clark,et al.  A Comparison of Commercial and Military Computer Security Policies , 1987, 1987 IEEE Symposium on Security and Privacy.

[14]  Matt Bishop Introduction to Computer Security , 2004 .

[15]  Mingxi Zhang,et al.  Strict Integrity Policy of Biba Model with Dynamic Characteristics and its Correctness , 2009, 2009 International Conference on Computational Intelligence and Security.