Managing role relationships in an information flow control model

Journal of Systems and Software

Volumn 79, Issue 4, 2006, Pages 507-522

  Chou, Shih Chien ^a   Chen, Yuan Chien ^a  

^a NATIONAL DONG HWA UNIVERSITY   (Taiwan)

Author keywords

Indirect information leakage; Information flow control; Prevent information leakage; Role relationship; Security

Indexed keywords

DATA TRANSFER; INFORMATION ANALYSIS; INFORMATION DISSEMINATION; MATHEMATICAL MODELS;

INDIRECT INFORMATION LEAKAGE; INFORMATION FLOW CONTROL; PREVENT INFORMATION LEAKAGE; ROLE RELATIONSHIP; SECURITY;

DATA COMMUNICATION SYSTEMS;

EID: 33645164231     PISSN: 01641212     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.jss.2005.04.008     Document Type: Article

References (31)

1. Bell, D.E., LaPadula, L.J., 1976. Secure computer systems: unified exposition and multics interpretation. Technique Report, Mitre Corporation. Available from: .
2. E. Bertino, Sabrina de Capitani di Vimercati, E. Ferrari, and P. Samarati Exception-based information flow control in object-oriented systems ACM Transactions on Information and System Security 1 1 1998 26 65
3. Brewer, D.F.C., Nash, M.J., 1989. The Chinese Wall Security Policy. In: Proceedings of the 5th IEEE Symposium on Security and Privacy, pp. 206-214.
4. S.-C. Chou Embedding role-based access control model in object-oriented systems to protect privacy Journal of Systems and Software 71 1-2 2004 143 161
5. S.-C. Chou Dynamic adaptation to object state change in an information flow control model Information and Software Technology 46 11 2004 729 737
6. D.E. Denning A lattice model of secure information flow Communications of the ACM 19 5 1976 236 243
7. D.E. Denning, and P.J. Denning Certification of program for secure information flow Communications of the ACM 20 7 1977 504 513
8. D.F. Ferraiolo, R. Sandhu, S. Gavrila, D.R. Kuhn, and R. Chandramouli Proposed NIST standard for role-based access control ACM Transactions on Information and System Security 4 3 2001 224 274
9. Ferrari, E., Samarati, P., Bertino, E., Jajodia, S., 1997. Providing flexibility in information control for object-oriented systems. In: Proceedings of the 13th IEEE Symposium on Security and Privacy, pp. 130-140.
10. M.H. Harrison, W.L. Ruzzo, and J.D. Ullman Protection in operating systems Communications of the ACM 19 8 1976 461 471
11. Izaki, K., Tanaka, K., Takizawa, M., 2001. Information flow control in role-based model for distributed objects. In: Proceedings of the 8th International Conference on Parallel and Distributed Systems, pp. 363-370.
12. A. Maamir, and A. Fellah Adding flexibility in information flow control for object-oriented systems using versions International Journal of Software Engineering and Knowledge Engineering 13 3 2003 313 326
13. M.D. McIlroy, and J.A. Reeds Multilevel security in the UNIX tradition Software-Practice and Experience 22 8 1992 673 694
14. Myers, A.C., 1999. JFlow: Practical mostly-static information flow control. In: Proceedings of the 26th ACM Symposium on Principles of Programming Language, pp. 228-241.
15. Myers, A.C., Liskov, B., 1997. A decentralized model for information flow control. In: Proceedings of the 17th ACM Symposium on Operating Systems Principles, pp. 129-142.
16. Myers, A., Liskov, B., 1998. Complete, safe information flow with decentralized labels. In: Proceedings of the 14th IEEE Symposium on Security and Privacy, pp. 186-197.
17. A. Myers, and B. Liskov Protecting privacy using the decentralized label model ACM Transactions on Software Engineering and Methodology 9 4 2000 410 442
18. M. Nyanchama, and S. Osborn Modeling mandatory access control in role-based security systems Database Security IX: Status and Prospects 1995 129 144
19. Olivier, M.S., van de Riet, R.P., Gudes, E., 1998. Specifying application-level security in workflow systems. In: Proceedings of the 9th International Workshop on Database and Expert Systems Applications, pp. 346-351.
20. Osborn, S., 1997. Mandatory access control and role-based access control revisited. In: Proceedings of the Second ACM Workshop on Role-Based Access Control, pp. 31-40.
21. S. Osborn, R. Sandhu, and Q. Munawer Configuring role-based access control to enforce mandatory and discretionary access control policies ACM Transactions on Information and System Security 3 2 2000 85 106
22. P. Samarati, E. Bertino, A. Ciampichetti, and S. Jajodia Information flow control in object-oriented systems IEEE Transactions on Knowledge and Data Engineering 9 4 1997 524 538
23. Sandhu, R., 1996. Role hierarchies and constraints for lattice-based access controls. In: Proceedings of the Fourth European Symposium on Research in Computer Security, pp. 65-79.
24. R.S. Sandhu Lattice-based access control models IEEE Computer 26 11 1993 9 19
25. R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman Role-based access control models IEEE Computer 29 2 1996 38 47
26. T. Tachikawa, M. Yasuda, and M. Takizawa A purposed-oriented access control model in object-based systems Transactions on Information Processing Society of Japan 38 11 1997 2362 2369
27. Thomas, R.K., Sandhu, R.S., 1997. Task-based authorization controls (TBAC): a family of models for active and enterprise-oriented authorization management. In: Proceedings of the IFIP WG11.3 Workshop on Database Security.
28. Varadharajan, V., Black, S., 1990. A multilevel security model for a distributed object-oriented system. In: Proceedings of the 6th IEEE Symposium on Security and Privacy, pp. 68-78.
29. Yasuda, M., Tachikawa, T., Takizawa, M., 1997. Information flow in a purpose-oriented access control model. In: Proceedings of the 1997 International Conference on Parallel and Distributed Systems, pp. 244-249.
30. Yasuda, M., Tachikawa, T., Takizawa, M., 1998. A purpose-oriented access control model. In: Proceedings of the 12th International Conference on Information Networking, pp. 168-173.
31. Zhang, C.N., Yang, C., 2001. An object-oriented RBAC model for distributed system. In: Proceedings of the Working IEEE/IFIP Conference on Software Architecture, pp. 24-32.