ABSTRACT
In this paper, a meta-model for information flow control is defined using the foundation of Barker's access control meta-model. The purposes of defining this meta-model are to achieve a more principled understanding of information flow control, to compare information flow control and access control at an abstract level, and to explore how information flow control and access control might be composed to yield a rich new set of ideas and systems for controlling the dissemination of sensitive information. It is shown that it is possible to define a meta-model for information flow control, that such a model is more complex than the access control meta-model, and that the meta-models for information flow control and access control can be composed in a conceptually straightforward way.
Index Terms
- An information flow control meta-model