Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
Information Flow Control among Objects in Role-Based Access Control Model
DEXA '01 Proceedings of the 12th International Conference on Database and Expert Systems Applications
Secure Information Flow and Pointer Confinement in a Java-like Language
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A protection scheme for collaborative environments
Proceedings of the 2003 ACM symposium on Applied computing
Embedding role-based access control model in object-oriented systems to protect privacy
Journal of Systems and Software
Security policies for downgrading
Proceedings of the 11th ACM conference on Computer and communications security
Providing flexible access control to an information flow control model
Journal of Systems and Software
Stack-based access control and secure information flow
Journal of Functional Programming
An agent-based inter-application information flow control model
Journal of Systems and Software - Special issue: Software engineering education and training
An information flow control model for C applications based on access control lists
Journal of Systems and Software
Maintaining privacy on derived objects
Proceedings of the 2005 ACM workshop on Privacy in the electronic society
Managing role relationships in an information flow control model
Journal of Systems and Software
Enforcing robust declassification and qualified robustness
Journal of Computer Security - Special issue on CSFW17
Quantitative information flow as network flow capacity
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Static analysis for inference of explicit information flow
Proceedings of the 8th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Declassification: Dimensions and principles
Journal of Computer Security - 18th IEEE Computer Security Foundations Symposium (CSF 18)
On declassification and the non-disclosure policy
Journal of Computer Security - 18th IEEE Computer Security Foundations Symposium (CSF 18)
Introducing reference flow control for detecting intrusion symptoms at the OS level
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Fine-grained sticky provenance architecture for office documents
IWSEC'07 Proceedings of the Security 2nd international conference on Advances in information and computer security
Creating objects in the flexible authorization framework
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
A privacy enhanced role-based access control model for enterprises
ICCNMC'05 Proceedings of the Third international conference on Networking and Mobile Computing
Privacy-sensitive information flow with JML
CADE' 20 Proceedings of the 20th international conference on Automated Deduction
Hi-index | 0.00 |
Abstract: This paper presents an approach to control information flow in object-oriented systems that takes into account, besides authorizations on objects, also how the information has been obtained and/or transmitted. These aspects are considered by allowing exceptions to the restrictions stated by the authorizations. Exceptions are specified by means of waivers associated with methods. Two kinds of waivers are supported: invoke-waivers, specifying exceptions applicable during a method's execution, and reply-waivers, specifying exceptions applicable to the information returned by a method. Information flowing from one object into another object is subject to the different waivers of the methods enforcing the transmission. We formally characterize information transmission and flow in a transaction taking into consideration different interaction modes among objects. We then define security specifications, meaning authorizations and waivers, and characterize safe information flows. We formally define conditions whose satisfaction ensures absence of unsafe flows and present an algorithm enforcing these conditions.