On the design of access control to prevent sensitive information leakage in distributed object systems: a colored petri net based model

Authors:
Panagiotis Katsaros
Affiliations:
Department of Informatics, Aristotle University of Thessaloniki, Thessaloniki, Greece
Venue:
OTM'05 Proceedings of the 2005 OTM Confederated international conference on On the Move to Meaningful Internet Systems: CoopIS, COA, and ODBASE - Volume Part II
Year:
2005

Citing 12
Cited 0

Slicing object-oriented software

Proceedings of the 18th international conference on Software engineering
A note on the confinement problem

Communications of the ACM
Lattice-Based Access Control Models

Computer
Information Flow Control in Object-Oriented Systems

IEEE Transactions on Knowledge and Data Engineering
Authorization in CORBA Security

ESORICS '98 Proceedings of the 5th European Symposium on Research in Computer Security
Information Flow in a Purpose-Oriented Access Control Model

ICPADS '97 Proceedings of the 1997 International Conference on Parallel and Distributed Systems
An Introduction to the Practical Use of Coloured Petri Nets

Lectures on Petri Nets II: Applications, Advances in Petri Nets, the volumes are based on the Advanced Course on Petri Nets
Modular State Space Analysis of Coloured Petri Nets

Proceedings of the 16th International Conference on Application and Theory of Petri Nets
An Introduction to the Theoretical Aspects of Coloured Petri Nets

A Decade of Concurrency, Reflections and Perspectives, REX School/Symposium
Information Flow Control among Objects: Taking Foreign Objects into Control

HICSS '03 Proceedings of the 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 9 - Volume 9
Information Flow Control in Role-Based Model for Distributed Objects

ICPADS '01 Proceedings of the Eighth International Conference on Parallel and Distributed Systems
Detecting and Debugging Insecure Information Flows

ISSRE '04 Proceedings of the 15th International Symposium on Software Reliability Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

We introduce a Colored Petri Net model for simulating and verifying information flow in distributed object systems. Access control is specified as prescribed by the OMG CORBA security specification. An insecure flow arises when information is transferred from one object to another in violation of the applied security policy. We provide precise definitions, which determine how discretionary access control is related to the secure or insecure transfer of information between objects. The model can be queried regarding the detected information flow paths and their dependencies. This is a valuable mean for the design of multilevel mandatory access control that addresses the problem of enforcing object classification constraints to prevent undesirable leakage and inference of sensitive information.