Abstract
Current information systems are more and more complex. They require more interactions between different components and users. So, ensuring system security must not be limited to using an access control model but also, it is primordial to deal with information flows in a system. Thus, an important function of a security policy is to enforce access to different system elements and supervise information flows simultaneously. Several works have been undertaken to join together models of access control and information flow. Unfortunately, beyond the fact that the reference model they use is BLP which is quite rigid, these research works suggest a non integrated models which do nothing but juxtapose access control and information flow controls or are based on a misuse of a mapping between MLS and RBAC models. In this paper, we suggest to formalize DTE model in order to use it as a solution for a flexible information flow control. Then, we integrate it into an unique access control model expressive enough to handle access and flow control security rules. The expressivity of the OrBAC model makes this integration possible and quite natural.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
Keywords
References
Sandhu, R.S.: Lattice-Based Access Control Models. IEEE Computer 26(11), 9–19 (1993)
Nyanchama, M., Osborn, S.: Information Flow Analysis in Role-Based Security Systems. In: Proc. ICCI 1994. International Conference on Computing and Information, pp. 1368–1384 (1994)
Nyanchama, M., Osborn, S.: Modeling Mandatory Access Control in Role-Based Security Systems. In: IFIP Workshop on Database Security (1996)
Sandhu, R.: Role Hierarchies and Constraints for Lattice-Based Access Controls. In: Proc. Fourth European Symposium on Research in Computer Security, Rome, Italy (1996)
Osborn, S.: Mandatory Access Control and Role-Based Access Control Revisited. In: Proceedings of the second ACM workshop on Role-based access control, Fairfax, Virginia, United States, pp. 31–40 (1997)
Kuhn, D.R.: Role Based Access control on MLS Systems without Kernel changes. In: Proceedings of the third ACM Workshop on Role-Based Access Control, Fairfax, Virginia, United States, pp. 25–32 (1998)
Osborn, S., Sandhu, R., Munawer, Q.: Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access control Policies. ACM Transactions on Information and System Security 3(2), 85–106 (2000)
Demurjian, S.: Implementation of Mandatory Access control in Role-Based Security System. CSE367 Final Project report (2001)
Myers, A.C., Sabelfeld, A., Zdancewic, S.: Enforcing robust declassification. In: Proc. IEEE Computer Security Foundations Workshop, pp. 172–186 (June 2004)
Sandhu, R., Munawer, Q.: How to do discretionary access control using roles. In: Proc. of the 3rd ACM Workshop on Role Based Access Control (RBAC 1998), Fairfax, VA, USA (1998)
Atluri, V., Huang, W.-K.: Enforcing Mandatory and Discretionary security in Workflow Management Systems. Journal of Computer Security 5(4), 303–339 (1997)
Atluri, V., Huang, W.-K., Bertino, E.: A semantic Based Execution Model for Multilevel Secure Workflows. Journal of Computer Security 8(1) (2000)
Liu, L.: On secure Flow Analysis in Computer systems. In: Proc. IEEE Symposium on Research in Security and Privacy, pp. 22–33 (1980)
Millen, J.K.: Information Flow Analysis of Formal Specifications. In: Proc. IEEE Symposium on Research in Security and Privacy, pp. 3–8 (1981)
Badger, L., Sterne, D.F., Sherman, D.L., Walker, K.M., Haghighat, S.A.: Practical Domain and Type Enforcement for Unix. In: IEEE Symposium on Security and Privacy, Oakland, CA, USA (1995)
Tidswell, J., Potter, J.: Domain and Type Enforcement in a μ-Kemel. In: Proceedings of the 20th Australasian Computer Science Conference, Sydney, Australia (1997)
Kiszka, J., Wagner, B.: Domain and Type Enforcement for Real-Time Operating Systems. In: Proceedings ETFA 2003, Emerging Technologies and Factory Automation (2003)
Abou El Kalam, A., El Baida, R., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., Miége, A., Saurel, C., Trouessin, G.: Organization Based Access Control. In: IEEE 4th International Workshop on Policies for Distributed Systems and Networks, Lake Come, Italy (2003)
Cuppens, F., Cuppens-Boulahia, N., Sans, T., Miége, A.: A formal approach to specify and deploy a network security policy. In: Second Workshop on Formal Aspects in Security and Trust (FAST), Toulouse, France (2004)
Cuppens, F., Cuppens-Boulahia, N., Miége, A.: Inheritance hierarchies in the Or-BAC model and application in a network environment. In: Second Foundations of Computer Security Workshop (FCS 2004), Turku, Finlande (2004)
Cuppens, F., Miége, A.: Modelling contexts in the Or-BAC model. In: 19th Annual Computer Security Applications Conference, Las Vegas (2003)
Boebert, W.E., Kain, R.Y.: A further Note on the Confinment Problem. In: Proceedings of the IEEE 1996 International Carnahan Conference on Security Technology, IEEE Computer Society, New York (1996)
Boebert, W.E., Kain, R.Y., Young, W.D.: The extended Access Matrix Model of Computer Security. ACM Sigsoft Software Engineering Notes 10(4) (1985)
Hallyn, S., Kearns, P.: Tools to Administer Domain and Type Enforcement. LISA XV. San Diego, CA (2001)
Oostendorp, K.A., Badger, L., Vance, C.D., Morrison, W.G., Petkac, M.J., Sherman, D.L., Sterne, D.F.: Domain and Type Enforcement Firewalls. In: Proceedings of the Thirteenth Annual Computer Security Applications Conference, San Diego, California, pp. 122–132 (1997)
Walker, K.M., Sterne, D.F., Lee Badger, M., Petkac, M.J., Shermann, D.L., Oostendorp, K.A.: Confining Root Programs with Domain and Type Enforcement (DTE). In: Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography, San Jose, California, vol. 6 (1996)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ayed, S., Cuppens-Boulahia, N., Cuppens, F. (2007). An Integrated Model for Access Control and Information Flow Requirements. In: Cervesato, I. (eds) Advances in Computer Science – ASIAN 2007. Computer and Network Security. ASIAN 2007. Lecture Notes in Computer Science, vol 4846. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76929-3_12
Download citation
DOI: https://doi.org/10.1007/978-3-540-76929-3_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-76927-9
Online ISBN: 978-3-540-76929-3
eBook Packages: Computer ScienceComputer Science (R0)