Access control within an application during its execution prevents information leakage. This prevention can be achieved through information flow control. Many information flow control models have been developed, based on discretionary access control (DAC), mandatory access control (MAC), label-based approaches, or role-based access control (RBAC). Most existing models are for object-oriented systems. Since the procedural C language is still heavily used, offering a model to control information flows in C applications should be fruitful. Although we identified information flow control models that can be applied to procedural languages, they do not offer the features we need. We therefore developed a model to control information flows in C applications. Our model is based on access control lists (ACLs) and is named CACL. It offers the following features: (a) controlling both read and write access, (b) preventing indirect information leakage, (c) refining the control granularity to the level of variables, (d) avoiding improper function calls, (e) controlling function calls through argument sensitivity, and (f) preventing changes to an application when the access rights of the application's real-world users change. This paper presents CACL.