Expression and enforcement of confidentiality policy in active databases
Proceedings of the International Conference on Management of Emergent Digital EcoSystems
Consistency policies for dynamic information systems with declassification flows
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
| Hi-index | 0.01 |
In existing systems, information are protected by security models that control the accesses to the information, depending on their security level. In such systems, allowing accesses that were previously denied by diminishing the security level of the information is called downgrading. Controlling this downgrade of sensitive information is an important issue in computer security, as it requires the definition of formal security models able to express contextual authorisations for some information flows. In traditional security models, information downgrading is however most of the time not taken into account and must be managed by external systems. In some recent security models, information downgrading is defined, but for specific security policies, which limits the downgrading controls. In order to be able to express a generic information downgrading control, we present in this article a formalization of the different concepts of downgrading and we propose a model to specify and control downgrade operations. Contrary to existing downgrading models, our model relies on an abstract security policy in order to define downgrading controls that are not restricted to specific scenarios.