research-article

An information flow control meta-model

Authors:

Denis GracaninAuthors Info & Claims

SACMAT '13: Proceedings of the 18th ACM symposium on Access control models and technologies

Pages 101 - 112

https://doi.org/10.1145/2462410.2462414

Published: 12 June 2013 Publication History

Abstract

In this paper a meta-model for information flow control is defined using the foundation of Barker's access control meta-model. The purposes for defining this meta-model is to achieve a more principled understanding of information flow control, to compare information flow control and access control at an abstract level, and to explore how information flow control and access control might be composed to yield a rich new set of ideas and systems for controlling the dissemination of sensitive information. It is shown that it is possible to define a meta-model for information flow control, that such a model is more complex compared to the access control meta-model, and that the meta-models for information flow control and access control can be composed in a conceptually straightforward way.

References

[1]

M. Bishop, Computer Security: Art and Science. Boston, MA: Pearson Education, 2003.

[2]

W. Tolone, G.-J. Ahn, T. Pai, and S.-P. Hong, "Access control in collaborative systems," ACM Computing Surveys, vol. 37, pp. 29--41, 2005.

Digital Library

[3]

D. F. Ferraiolo and D. Kuhn, "Role Based Access Control," 15th National Computer Security Conference, 1992.

[4]

D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli, "Proposed NIST standard for Rel-Based Access Control," ACM Transactions on Information and Systems Security, vol. 4, pp. 224--274, 2001.

Digital Library

[5]

R. K. Thomas, "Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments," Proceedings of the Second ACM Workshop on Role-Based Access Control, Fairfax, Virginia, United States, 1997.

Digital Library

[6]

R. K. Thomas and R. S. Sandhu, "Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Authorization Management," Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects, 1998.

Digital Library

[7]

S. Barker, M. J. Sergot, and D. Wijesekera, "Status-Based Access Control," ACM Trans. Inf. Syst. Secur., vol. 12, pp. 1--47, 2008.

Digital Library

[8]

E. Bertino, B. Catania, M. L. Damiani, and P. Perlasca, "GEO-RBAC: a spatially aware RBAC," Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden, 2005.

Digital Library

[9]

S. M. Chandran and J. Joshi, "LoT-RBAC: A Location and Time-Based RBAC Model," Web Information Systems Engineering (WISE 2005), 2005.

Digital Library

[10]

C. K. Georgiadis, I. Mavridis, G. Pangalos, and R. K. Thomas, "Flexible team-based access control using contexts," Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies, Chantilly, Virginia, United States, 2001.

Digital Library

[11]

J. H. Jafarian, and Amini, Morteza, "CAMAC: A Context-Aware Mandatory Access Control Model," ISeCure, The ISC International Journal of Information Security, vol. 1, pp. 35--54, 2009.

[12]

Q. Ni, D. Lin, E. Bertino, and J. Lobo, "Conditional Privacy-Aware Role Based Access Control," 12th European Symposiun on Research in Computer Security (ESORICS 2007), Dresden, Germany, 2007.

Digital Library

[13]

Q. Ni, A. Trombetta, E. Bertino, and J. Lobo, "Privacy-aware role based access control," Proceedings of the 12th ACM Symposium on Access Control Models and Technologies, Sophia Antipolis, France, 2007.

Digital Library

[14]

Q. Ni, E. Bertino, and J. Lobo, "An obligation model bridging access control policies and privacy policies," Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, Estes Park, CO, USA, 2008.

Digital Library

[15]

S. Barker, "The next 700 access control models or a unifying meta-model?," Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, Stresa, Italy, 2009.

Digital Library

[16]

S. Barker, "Personalizing access control by generalizing access control," Proceedings of the 15th ACM Symposium on Access Control Models and Technologies, Pittsburgh, Pennsylvania, USA, 2010.

Digital Library

[17]

N. Zeldovich, S. Boyd-Wickizer, E. Kohler, and D. Mazieres, "Making information flow explicit in HiStar," Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7, Seattle, WA, 2006.

Digital Library

[18]

D. E. Denning, "A lattice model of secure information flow," Communication of the ACM, vol. 19, pp. 236--243, 1976.

Digital Library

[19]

W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth, "TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones," Proceedings of the 9th USENIX conference on Operating Systems Design and Implementation, Vancouver, BC, Canada, 2010.

Digital Library

[20]

K. Hyung Chan, A. D. Keromytis, M. Covington, and R. Sahita, "Capturing Information Flow with Concatenated Dynamic Taint Analysis," in International Conference on Availability, Reliability and Security (ARES '09), 2009, pp. 355--362.

[21]

A. C. Myers, "JFlow: practical mostly-static information flow control," Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, San Antonio, Texas, United States, 1999.

Digital Library

[22]

S. Vandebogart, P. Efstathopoulos, E. Kohler, M. Krohn, C. Frey, D. Ziegler, F. Kaashoek, R. Morris, and D. Mazieres, "Labels and event processes in the Asbestos operating system," ACM Transactions on Computer Systems, vol. 25, p. 11, 2007.

Digital Library

[23]

N. Zeldovich, S. Boyd-Wickizer, and D. Mazieres, "Securing distributed systems with information flow control," Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, San Francisco, California, 2008.

Digital Library

[24]

J. Park and R. Sandhu, "The UCONABC Usage Control Model," ACM Transactions on Information Systems Security, vol. 7, pp. 128--174, 2004.

Digital Library

[25]

S. Ayed, N. Cuppens-Boulahia, and F. Cuppens, "An integrated model for access control and information flow requirements," Proceedings of the 12th Asian Computing Science Conference on Advances in Computer Science: Computer and Network Security, Doha, Qatar, 2007.

Digital Library

[26]

V. Atluri, W.-K. Huang, and E. Bertino, "A semantic-based execution model for multilevel secure workflows," Journal on Computer Security, vol. 8, pp. 3--41, 2000.

Digital Library

[27]

U.S. Department of Defense, "Trusted Computer System Evaluation Criteria ", 1985, pp. 116.

[28]

E. Staab and G. Muller, "MITRA: A Meta-Model for Information Flow in Trust and Reputation Architectures," Computing Research Repository (CoRR), vol. abs/1207.0405, 2012 2012.

[29]

A. Sabelfeld and A. C. Myers, "Language-based information-flow security," IEEE Journal on Selected Areas in Communications, vol. 21, pp. 5--19, January 2003 2003.

Digital Library

[30]

A. C. Myers and B. Liskov, "Protecting privacy using the decentralized label model," ACM Transactions on Software Engingeering Methodology, vol. 9, pp. 410--442, 2000.

Digital Library

[31]

P. Efstathopoulos, M. Krohn, S. VanDeBogart, C. Frey, D. Ziegler, E. Kohler, D. Mazieres, F. Kaashoek, and R. Morris, "Labels and event processes in the asbestos operating system," Proceedings of the twentieth ACM symposium on Operating systems principles, Brighton, United Kingdom, 2005.

Digital Library

[32]

I. Roy, D. E. Porter, M. D. Bond, K. S. McKinley, and E. Witchel, "Laminar: practical fine-grained decentralized information flow control," Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation, Dublin, Ireland, 2009.

Digital Library

[33]

R. Wu, G.-J. Ahn, H. Hu, and M. Singhal, "Information Flow Control in Cloud Computing," The Fifth International Workshop on Trusted Collaboration (TrustCol 2010), Chicago, IL, USA, 2010.

[34]

N. Broberg and D. Sands, "Paralocks: role-based information flow control and beyond," Proceedings of the 37th annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, Madrid, Spain, 2010.

Digital Library

Cited By

Radhika BKumar NShyamasundar R(2022)Samyukta: A Unified Access Control Model using Roles, Labels, and AttributesInformation Systems Security10.1007/978-3-031-23690-7_5(84-102)Online publication date: 11-Dec-2022
https://doi.org/10.1007/978-3-031-23690-7_5
Gracanin DKnapp RMartin TParker S(2019)Smart Virtual Care Centers in the Context of Performance and Privacy2019 15th International Conference on Telecommunications (ConTEL)10.1109/ConTEL.2019.8848553(1-8)Online publication date: Jul-2019
https://doi.org/10.1109/ConTEL.2019.8848553

Index Terms

An information flow control meta-model
1. Security and privacy
  1. Security services
    1. Access control
  2. Systems security
    1. Information flow control
    2. Operating systems security

Recommendations

Providing flexible access control to an information flow control model

Protecting privacy within an application is essential. Many information flow control models have been developed for that protection. We developed an information flow control model based on role-based access control (RBAC) for object-oriented systems, ...
An information flow control model for C applications based on access control lists

Access control within an application during its execution prevents information leakage. The prevention can be achieved through information flow control. Many information flow control models were developed, which may be based on discretionary access ...
An agent-based inter-application information flow control model
Special issue: Software engineering education and training

Access control in an application prevents information leakage in the application. The prevention can be achieved by controlling information flows. Many information flow control models have been developed. Since applications may cooperate, controlling ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

SACMAT '13: Proceedings of the 18th ACM symposium on Access control models and technologies

June 2013

278 pages

ISBN:9781450319508

DOI:10.1145/2462410

General Chair:
Mauro Conti
University of Padua, Italy
,
Program Chairs:
Jaideep Vaidya
Rutgers University, USA
,
Andreas Schaad
SAP AG, Germany

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 June 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SACMAT '13

Sponsor:

SIGSAC

SACMAT '13: 18th ACM Symposium on Access Control Models and Technologies

June 12 - 14, 2013

Amsterdam, The Netherlands

Acceptance Rates

SACMAT '13 Paper Acceptance Rate 19 of 62 submissions, 31%;

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
288
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 12 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Radhika BKumar NShyamasundar R(2022)Samyukta: A Unified Access Control Model using Roles, Labels, and AttributesInformation Systems Security10.1007/978-3-031-23690-7_5(84-102)Online publication date: 11-Dec-2022
https://doi.org/10.1007/978-3-031-23690-7_5
Gracanin DKnapp RMartin TParker S(2019)Smart Virtual Care Centers in the Context of Performance and Privacy2019 15th International Conference on Telecommunications (ConTEL)10.1109/ConTEL.2019.8848553(1-8)Online publication date: Jul-2019
https://doi.org/10.1109/ConTEL.2019.8848553

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents