Dynamic adaptation to object state change in an information flow control model

Information and Software Technology

Volumn 46, Issue 11, 2004, Pages 729-737

  Chou, Shih Chien ^a  

^a NATIONAL DONG HWA UNIVERSITY   (Taiwan)

Author keywords

Information flow control; Information security; Object oriented systems; Role based access control

Indexed keywords

CONTROL SYSTEMS; DATA REDUCTION; DATA TRANSFER; MATHEMATICAL MODELS; OBJECT ORIENTED PROGRAMMING; SECURITY OF DATA;

INFORMATION FLOW CONTROL; OBJECT ORIENTED SYSTEMS; PURPOSE ORIENTED METHOD; ROLE BASED ACCESS CONTROL;

INFORMATION TECHNOLOGY;

EID: 2542437254     PISSN: 09505849     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.infsof.2003.12.006     Document Type: Article

References (43)

1. Ford W., Baum M.S. second ed Secure Electronic Commerce. 2001;Prantice-Hall, Englewood Cliffs, NJ.
2. Samarati P., Bertino E., Ciampichetti A., Jajodia S. Information flow control in object-oriented systems. IEEE Trans. Knowledge Data Engng. 9:(4):1997;524-538. July/August.
3. Ferrari E., Samarati P., Bertino E., Jajodia S. Providing Flexibility in Information Flow Control for Object-Oriented Systems. Proceedings of the 13th IEEE Symposium on Security and Privacy. 1997;. pp. 130-140.
4. Bertino E., de Capitani di Vimercati S., Ferrari E., Samarati P. Exception-based information flow control in object-oriented systems. ACM Trans. Inf. Syst. Security. 1:(1):1998;26-65.
5. Izaki K., Tanaka K., Takizawa M. Information Flow Control in Role-Based Model for Distributed Objects. Proceedings of the Eighth International Conference on Parallel and Distributed Systems. vol. 8:2001;. pp. 363-370.
6. Yasuda M., Tachikawa T., Takizawa M. Information Flow in a Purpose-Oriented Access Control Model. Proceedings of the 1997 International Conference on Parallel and Distributed Systems. 1997;. pp. 244-249.
7. Yasuda M., Tachikawa T., Takizawa M. A Purpose-Oriented Access Control Model. Proceedings of the 12th International Conference on Information Networking. 1998;. pp. 168-173.
8. Tachikawa T., Yasuda M., Takizawa M. A purposed-oriented access control model in object-based systems. Trans. Inf. Process. Soc. Jpn. 38:(11):1997;2362-2369.
9. Jajodia S., Kogan B. Integrating an Object-Oriented Data Model with Multilevel Security. Proceedings of the Sixth IEEE Symposium on Security and Privacy. 1990;. pp. 76-85.
10. Varadharajan V., Black S. A Multilevel Security Model for a Distributed Object-Oriented System. Proceedings of the Sixth IEEE Symposium on Security and Privacy. 1990;. pp. 68-78.
11. Myers A.C. JFlow: Practical Mostly-Static Information Flow Control. Proceedings of the 26th ACM Symposium on Principles of Programming Language. 1999;. pp. 228-241.
12. Myers A.C., Liskov B. A Decentralized Model for Information Flow Control. Proceedings of the 17th ACM Symposium on Operating Systems Principles. 1997;. pp. 129-142.
13. Myers A., Liskov B. Complete, Safe Information Flow with Decentralized Labels. Proceedings of the 14th IEEE Symposium on Security and Privacy. 1998;. pp. 186-197.
14. Myers A., Liskov B. Protecting privacy using the decentralized label model. ACM Trans. Software Engng Methodol. 9:(4):2000;410-442.
15. McCollum C.J., Messing J.R., Notargiacomo L. Beyond the Pale of MAC and DAC - Defining New Forms of Access Control. Proceedings of the Sixth IEEE Symposium on Security and Privacy. 1990;. pp. 190-200.
16. D.E. Bell, L.J. LaPadula, Secure Computer Systems: Unified Exposition and Multics Interpretation, Technique Report, Mitre Corporation, March 1976, http://csrc.nist.gov/publications/history/bell76.pdf .
17. Denning D.E. A lattice model of secure information flow. Commun. ACM. 19:(5):1976;236-243.
18. Denning D.E., Denning P.J. Certification of program for secure information flow. Commun. ACM. 20:(7):1977;504-513.
19. Brewer D.F.C., Nash M.J. The Chinese Wall Security Policy. Proceedings of the Fifth IEEE Symposium on Security and Privacy. 1989;. pp. 206-214.
20. Smith G., Volpano D. Secure Information Flow in a Multi-Thread Imperative Language. Proceedings of the 25th ACM Symposium on Principles of Programming Languages. 1998;. pp. 355-364.
21. Agat J. Transforming out Timing Leaks. Proceedings of the 27th ACM Symposium on Principles of Programming Languages. 2000;. pp. 40-53.
22. McIlroy M.D., Reeds J.A. Multilevel security in the UNIX tradition. Software - Practice Exp. 22:(8):1992;673-694.
23. Graubart R. On the Need for a Third Form of Access Control. Proceedings of the 12th National Computer Security Conference. 1989;. pp. 296-303.
24. Foley S.N. A Model for Secure Information Flow. Proceedings of the Fifth IEEE Symposium Security and Privacy. 1989;. pp. 248-258.
25. Zdancewic S., Zheng L., Nystrom N., Myers A.C. Untrusted Hosts and Confidentiality: Secure Program Partitioning. Proceedings of the 18th ACM Symposium on Operating Systems Principles. 2001.
26. S.-C. Chou, Embedding role-based access control model in object-oriented systems to protect privacy, to appear in the Journal of Systems and Software.
27. Tari Z., Chan S.-W. A role-based access control for intranet security. IEEE Internet Comput. 1:(5):1997;24-34.
28. Zhang C.N., Yang C. An Object-Oriented RBAC Model for Distributed System. Proceedings of the Working IEEE/IFIP Conference on Software Architecture. 2001;. pp. 24-32.
29. Ferraiolo D.F., Sandhu R., Gavrila S., Kuhn D.R., Chandramouli R. Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Security. 4:(3):2001;224-274.
30. Giuri L., Iglio P. A Formal Models for Role-Based Access Control with Constraints. Proceedings of the Ninth IEEE Computer Security Foundations Workshop. 1996;. pp. 136-145.
31. Nyanchama M., Osborn S. Modeling mandatory access control in role-based security systems. Database Security IX: Status Prospects. 1995;129-144.
32. Nyanchama M., Osborn S. The role graph model and conflict of interest. ACM Trans. Inf. Syst. Security. 2:(1):1999;3-33.
33. Osborn S. Mandatory Access Control and Role-Based Access Control Revisited. Proceedings of the Second ACM Workshop on Role-Based Access Control. 1997;. pp. 31-40.
34. Osborn S., Sandhu R., Munawer Q. Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Trans. Inf. Syst. Security. 3:(2):2000;85-106.
35. Sandhu R.S., Coyne E.J., Feinstein H.L., Youman C.E. Role-based access control models. IEEE Comput. 29:(2):1996;38-47.
36. Nyanchama M., Osborn S. Access rights in role-based security systems. Database Security VIII: Status Prospects. 1994;37-56.
37. Sandhu R., Bhamidipati V., Munawer Q. The ARBAC97 model for role-based administration of roles., ACM Trans. Inf. Syst. Security. 2:(1):1999;105-135.
38. Thomsen D.J. Role-based application design and enforcement. Database Security IV: Status Prospects. 1991;151-168.
39. Sandhu R. Role Hierarchies and Constraints for Lattice-Based Access Controls. Proceedings of the Fourth European Symposium on Research in Computer Security. 1996;. pp. 65-79.
40. Booch G. second ed Object-Oriented Analysis and Design with Application. 1994;The Benjamin/Cummings Publishing Company, Redwood City, CA.
41. Rumbaugh J., Blaha M., Premerlani W., Eddy F., Lorensen W. Object-Oriented Modeling and Design. 1991;Prentice-Hall, Englewood Cliffs, NJ.
42. Schueider F.B. Enforceable security policy. ACM Trans. Inf. Syst. Security. 3:(1):2000;30-50.
43. Focardi R., Gorrieri R. The compositional security checker: a tool for the verification of information flow security properties. IEEE Trans. Software Engng. 23:(9):1997;550-571.