Journal Article, DOI: 10.1145/290163.290167
Exception-based information flow control in object-oriented systems
40
TL;DR: This work proposes an approach to control unsafe flows and presents an algorithm to enforce it, formally characterizes information transmission and flow in a transaction, and defines the conditions for safe information flow.
Abstract: We present an approach to control information flow in object-oriented systems. The decision of whether an information flow is permitted or denied depends on both the authorizations specified on the objects and the process by which information is obtained and transmitted. Depending on the specific computations, a process accessing sensitive information could still be allowed to release information to users who are not allowed to directly access it. Exceptions to the permissions and restrictions stated by the authorizations are specified by means of exceptions associated with methods. Two kinds of exceptions are considered: invoke exceptions, applicable during a method execution, and reply exceptions, applicable to the information returned by a method. Information flowing from one object into another or returned to the user is subject to the different exceptions specified for the methods enforcing the transmission. We formally characterize information transmission and flow in a transaction and define the conditions for safe information flow. We define security specifications and characterize safe information flows. We propose an approach to control unsafe flows and present an algorithm to enforce it. We also illustrate an efficient implementation of our controls and present some experimental results evaluating its performance.
Citations
Access Control: Policies, Models, and Mechanisms
Pierangela Samarati, Sabrina De Capitani di Vimercati +1 more
- 01 Sep 2000
TL;DR: This chapter investigates the basic concepts behind access control design and enforcement, and points out different security requirements that may need to be taken into consideration.
•Journal Article
Access control : Policies, models, and mechanisms
TL;DR: In this article, the basic concepts behind access control design and enforcement are investigated, and different security requirements that may need to be taken into consideration, along with several access control policies and models formalizing them, are discussed.
643
•Dissertation
A policy framework for management of distributed systems
Nicodemos Constantinou Damianou
- 01 Jan 2002
TL;DR: This paper aims to provide a chronology of the events leading to and following the publication of this book and some of the main events leading up to and including the publication.
194
W-RBAC — A Workflow Security Model Incorporating Controlled Overriding of Constraints
TL;DR: A pair of role-based access control models for workflow systems, collectively known as the W-RBAC models, based on a framework that couples a powerful RBAC-based permission service and a workflow component with clear separation of concerns for ease of administration of authorizations.
191
Access Control in Data Management Systems
TL;DR: This book provides an overview of the various developments in access control for data management systems, by surveying the most relevant proposals and analyzing the benefits and drawbacks of each paradigm in view of the requirements of different application domains.
54
References
•Book
Cryptography and data security
Dorothy E. Denning
- 01 Jan 1982
TL;DR: The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.
2.2K
Secure Computer System: Unified Exposition and Multics Interpretation
D. Elliott Bell, Leonard J. La Padula +1 more
- 01 Mar 1976
TL;DR: A suggestive interpretation of the model in the context of Multics and a discussion of several other important topics (such as communications paths, sabotage and integrity) conclude the report.
A lattice model of secure information flow
TL;DR: The model provides a unifying view of all systems that restrict information flow, enables a classification of them according to security objectives, and suggests some new approaches to formulating the requirements of secure information flow among security classes.
An Axiomatic Approach to Information Flow in Programs
TL;DR: It is shown that flow rules and correctness rules can be combined to form an even more powerful proof system.
175
Beyond the pale of MAC and DAC: defining new forms of access control
C.J. McCollum, J.R. Messing, L. Notargiacomo +2 more
- 07 May 1990
TL;DR: Two new forms of access controls to respond to DoD/intelligence data protection requirements that cannot be handled through traditional mandatory (MAC) or discretionary (DAC) access controls are proposed, and an informal model is presented that provides a common framework for representing both.
155