Protecting privacy within an application is essential, and many information flow control models have been developed for that purpose. We developed an information flow control model for object-oriented systems based on role-based access control (RBAC), called OORBAC (object-oriented role-based access control). From our experience using OORBAC, we found that a model that allows every secure information flow and blocks every non-secure flow is too restrictive. We propose that the following flexible access control features be offered: (a) non-secure but harmless information flows should be allowed, and (b) secure but harmful information flows should be blocked. According to our survey, no existing model offers this control. We therefore revised OORBAC to offer it. The revised OORBAC has been implemented and evaluated. This paper presents flexible access control in the revised OORBAC and the evaluation results.