Discretionary access control, based on checking access requests against users' authorizations, does not provide any way of restricting the usage of information once it has been “legally” accessed. This makes discretionary systems vulnerable to Trojan Horses maliciously leaking information. Therefore, the need arises for additional controls limiting the indiscriminate flow of information in the system. This paper proposes a message filter complementing discretionary authorization control in object-oriented systems to limit the vulnerability of authorization systems to Trojan Horses. The encapsulation property of the object-oriented data model, which requires that access to objects be possible only through defined methods, gives information flow in such systems a very concrete and natural embodiment in the form of messages and their replies. As a result, information flow can be controlled by mediating the transmission of messages exchanged between objects. The message filter intercepts every message exchanged between objects to ensure that information is not leaked to objects accessible by users who are not allowed to access it.
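A minimal sketch of the filtering idea in the abstract, added here as an example and not the paper's own algorithm. It assumes each object carries reader and writer lists and treats every write as potentially carrying everything the execution has read so far; `Obj`, `MessageFilter`, `FlowBlocked` and the sample users and objects are constructed for illustration.

```python
class FlowBlocked(Exception):
    """A message would carry information to users not authorized for it."""

class Obj:
    def __init__(self, name, readers, writers, value=None):
        self.name, self.value = name, value
        self.readers, self.writers = set(readers), set(writers)

class MessageFilter:
    """Mediates every read/write message of one user's execution (assumed model)."""
    def __init__(self, user, enforce_flow=True):
        self.user, self.enforce_flow = user, enforce_flow
        self.allowed = None  # users authorized for all information read so far

    def read(self, obj):
        if self.user not in obj.readers:  # discretionary check
            raise PermissionError(f"{self.user} may not read {obj.name}")
        # The reply carries obj's information into this execution.
        self.allowed = (set(obj.readers) if self.allowed is None
                        else self.allowed & obj.readers)
        return obj.value

    def write(self, obj, value):
        if self.user not in obj.writers:  # discretionary check
            raise PermissionError(f"{self.user} may not write {obj.name}")
        # Flow check: every reader of the target must be authorized for
        # everything this execution has read (conservative: any write taints).
        if (self.enforce_flow and self.allowed is not None
                and not obj.readers <= self.allowed):
            raise FlowBlocked(f"{obj.name} is readable by {obj.readers - self.allowed}")
        obj.value = value

def trojan_report(f, salary, scratch):
    """Method alice runs; the copy into scratch is the hidden Trojan Horse step."""
    f.write(scratch, f.read(salary))
    return "report done"

def run_demo():
    """Same method, once under discretionary checks only, once with the filter."""
    results = {}
    for enforce in (False, True):
        salary = Obj("salary", {"alice"}, {"alice"}, 90000)           # constructed
        scratch = Obj("scratch", {"alice", "mallory"}, {"alice", "mallory"})
        f = MessageFilter("alice", enforce_flow=enforce)
        try:
            trojan_report(f, salary, scratch)
            outcome = "leaked"
        except FlowBlocked:
            outcome = "blocked"
        results[enforce] = (outcome, scratch.value)
    return results
```

Every individual access in `trojan_report` is authorized for alice, which is why the discretionary checks alone let the value reach an object that mallory can read.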