Secure information flow in a multi-threaded imperative language
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A lattice model of secure information flow
Communications of the ACM
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
Analyzing information-flow in java program based on slicing technique
ACM SIGSOFT Software Engineering Notes
A Type-Based Approach to Program Security
TAPSOFT '97 Proceedings of the 7th International Joint Conference CAAP/FASE on Theory and Practice of Software Development
A brief survey of program slicing
ACM SIGSOFT Software Engineering Notes
The SCIFC Model for Information Flow Control in Web Service Composition
ICWS '09 Proceedings of the 2009 IEEE International Conference on Web Services
Security Policy Definition Framework for SOA-Based Systems
WISE '09 Proceedings of the 10th International Conference on Web Information Systems Engineering
| Hi-index | 0.00 |
This paper presents a concept of incorporating information flow control (IFC) mechanisms into service-oriented systems. As opposed to existing IFC proposals, commonly imposing requirements hard or impossible to achieve in service-oriented environments (such as analysis of the application code), our solution fully complies with the Service Oriented Architecture (SOA) model. We present how IFC can be managed in an SOA system by using ORCA security policy language. We also describe two possible implementations of such SOA-specific IFC mechanisms using cryptographic keys and poly-instantiated web services.