Role-based scheduling and synchronization algorithms to prevent illegal information flow

  • Authors:

  • Tomoya Enokido;Valbona Barolli;Makoto Takizawa

  • Affiliations:

  • Rissho University, Japan;Tokyo Denki University, Japan;Tokyo Denki University, Japan

  • Venue:
  • NBiS'07 Proceedings of the 1st international conference on Network-based information systems
  • Year:
  • 2007

Quantified Score

Hi-index 0.00

Visualization

Abstract

Information systems have to be consistent and secure in presence of multiple conflicting transactions. The role-based access control model is widely used to keep information systems secure. Here, a role is a set of access rights, i.e. permissions. A subject is granted a family of roles, i.e. one or more than one role. A subject s is allowed to issue a method op to an object o only if an access right 〈o, op〉 is included in the roles granted to the subject s. In the access control models, even if every access request satisfies the access rules, illegal information flow might occur as well known confinement problem. In this paper, we define a legal information flow relation (R1 ⇒ R2) among a pair of role families R1 and R2. This means, no illegal information flow occur if a transaction T1 with a role family R1 is performed prior to another transaction T2 with R2. In addition, we define which role families are more significant than others in terms of types of methods and security classes of objects. Conflicting methods from different transactions are totally ordered in the significancy of roles of the transactions. We discuss how to synchronize transactions so as to prevent illegal information flow and how to serialize conflicting methods from multiple transactions in terms of significancy and information flow relation of roles families.