We introduce a Colored Petri Net model for simulating and verifying information flow in distributed object systems. Access control is specified as prescribed by the OMG CORBA security specification. An insecure flow arises when information is transferred from one object to another in violation of the applied security policy. We provide precise definitions that determine how discretionary access control is related to the secure or insecure transfer of information between objects. The model can be queried regarding the detected information flow paths and their dependencies. This is a valuable means for the design of multilevel mandatory access control that addresses the problem of enforcing object classification constraints to prevent undesirable leakage and inference of sensitive information.