We present an approach to control information flow in object-oriented systems. The decision of whether an information flow is permitted or denied depends on both the authorizations specified on the objects and the process by which information is obtained and transmitted. Depending on the specific computations, a process accessing sensitive information could still be allowed to release information to users who are not allowed to directly access it. Exceptions to the permissions and restrictions stated by the authorizations are specified by means of exceptions associated with methods. Two kinds of exceptions are considered: invoke exceptions, applicable during a method execution, and reply exceptions, applicable to the information returned by a method. Information flowing from one object into another or returned to the user is subject to the different exceptions specified for the methods enforcing the transmission. We formally characterize information transmission and flow in a transaction and define the conditions for safe information flow. We define security specifications and characterize safe information flows. We propose an approach to control unsafe flows and present an algorithm to enforce it. We also illustrate an efficient implementation of our controls and present some experimental results evaluating its performance.