A dynamic label checking approach for information flow control in web services

International Journal of Web Services Research

Volumn 3, Issue 1, 2006, Pages 1-28

  Tari, Zahir ^a   Bertok, Peter ^a   Simic, Dusan ^a  

^a RMIT UNIVERSITY   (Australia)

Author keywords

Data security; De classification; Information flow control; Security labels

Indexed keywords

INFORMATION TECHNOLOGY; MATHEMATICAL MODELS; MONITORING; SECURITY OF DATA; THEOREM PROVING;

DE CLASSIFICATION; INFORMATION FLOW CONTROL; SECURITY LABELS;

WORLD WIDE WEB;

EID: 33645533244     PISSN: 15457362     EISSN: 15465004     Source Type: Journal    
DOI: 10.4018/jwsr.2006010101     Document Type: Article

References (38)

1. Bayardo, R. J., Jr., & Agrawal, R. (2005, April). Data privacy through optimal K-anonymization. In Proceedings of the 21st International Conference on Data Engineering (ICDE 2005) (pp. 217-228), Tokyo, Japan.
2. Bartlett, R. G., & Cook, M. W. (2003, January). XML security using XSLT. In Proceedings of the 36th Hawaii International Conference on System Sciences (HICSS), 4(4) (p. 122b), Big Island, HI.
3. Bell, D. E., & LaPadula, L. J. (1973). Secure computersystems: Mathematical foundations and model (Technical Report 2547). McLean, VA: The MITRE Corporation.
4. Belokosztolszki, A., Eyers, D. M., & Moody, K. (2003, June). Policy contexts: Controlling information flow in parameterized RBAC. In Proceedings of the IEEE 4th International Workshop on Policies for Distributed Systems and Networks (pp. 99-110), Como, Italy.
5. Bertiuo, E., di Vimercati, S. C., Ferrari, E., & Samarati, P. (1998). Exception-based information flow control in object-oriented systems. ACM Transactions on Information and System. Security (TISSEC), 1(1), 26-65.
6. Bertino, E., & Ferrari, E. (2002). Secure and selective dissemination of XML documents. ACM Transactions on Information and System Security (TISSEC), 5(3), 290-331.
7. Damiani, E., di Vimercati, S. C., Paraboschi, S., & Samarati, P. (2000, March). Securing XML documents. In Proceedings of the 2000 International Conference on Extending Database Technology (EDBT 2000) (pp. 121-135), Konstanz, Germany.
8. Damiani, E., di Vimercati, S. C., Paraboschi, S., & Samarati, P. (2001, May). Fine grained access control for SOAP e-services. In Proceedings of the 10th International World Wide Web Conference (WWW10) (pp. 504-513), Hong Kong.
9. Damiani, E., di Vimercati, S. C., Paraboschi, S., & Samarati, P. (2002a). A fine-grained access control system for XML documents. ACM Transactions of Information and System Security (TISSEC), 5(2), 169-202.
10. Damiani, E., di Vimercati, S. C., Paraboschi, S., & Samarati, P. (2002b). Securing SOAP e-services. International Journal of Information Security, 1(2), 100-115.
11. Deitel, H. M., Deitel, P. J., DuWaldt, B., & Trees, L. K. (2003). Web services, A technical introduction. Upper Saddle River, N.J: Prentice Hall.
12. Denning, D. E. (1976). A lattice model of secure information flow. Communications of the ACM, 19(5), 236-243.
13. Denning, D. E., & Denning, P. J. (1977). Certification of programs for secure information flow. Communications of the ACM, 20(7), 504-513.
14. Devanbu, P., Gertz, M., Kwoug, A., Martel, C., Nuckolls, G., & Stubblebine, S. G. (2001, November). Flexible authentication of XML documents. In Proceedings of the 8th ACM Conference on Computer and Communications Security (pp. 136-145), Philadelphia, PA.
15. di Vimercati, S. C., Paraboschi, S., & Samarati, P. (2003). Access control: Principles and solutions. Software - Practice and Experience, 33(5), 397-421.
16. Ferrari, E., Samarati, P., Bertino, E., & Jajodia, S. (1997, May). Providing flexibility in information flow control for object-oriented systems. In Proceedings of the IEEE Symposium on Security and Privacy (p. 130), Oakland, CA.
17. Gabillon, A., & Bruno, E. (2001, July). Regulating access to XML documents. In Proceedings of the 15th Annual IFIP WG 11.3 Working Conference on Database Security (pp. 299-314), Niagara, Ontario, Canada.
18. Hung, P. C. K., Ferrari, E., & Carminati B. (2004, July). Towards standardized Web services privacy technologies. In Proceedings of the International Conference on Web Services (ICWS'04) (p. 174), San Diego, CA.
19. Jones, A. K., & Liskov, B. H. (1978). A language expression for expressing constraints on data. Communications of the ACM, 21(5), 358-367.
20. Kuo, C. J., & Humenn, P. (2002, November). Dynamically authorized role-based access control for secure distributed computation. In Proceedings of the 2002 ACM Workshop on XML Security (pp. 97-103), Fairfax, VA.
21. Lampson, B. W. (1973). A note on the confinement problem. Communications of the ACM, 16(10), 613-615.
22. Lategan, F. A., & Olivier, M. S. (2001, May). On granting limited access to private information. In Proceedings of the 10th International Conference on World Wide Web (pp. 21-25), Hong Kong.
23. Li, B. (2002). Analyzing information-flow in Java program based on slicing technique. ACM SIGSOFT Software Engineering Notes, 27(5), 98-103.
24. Myers, A. C., & Flow, J. (1999, January). Practical mostly-static information flow control. In Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (pp. 228-241), San Antonio, TX.
25. Myers, A. C., & Liskov, B. (1997, October). A decentralized model for information flow control. In Proceedings of the 16th ACM Symposium, on Operating Systems Principles (pp. 129-142), Saint-Malo, France.
26. Myers, A. C., & Liskov, B. (1998, May). Complete safe information flow with decentralized labels. In Proceedings of the 1998 IEEE Symposium on Security and Privacy (pp. 186-197), Oakland, CA.
27. Myers, A. C., & Liskov, B. (2000). Protecting privacy using the decentralized label model. ACM Transactions on Software Engineering and Methodology, 9(4), 410-442.
28. OASIS. (2005). SAML security assertion. markup language (SAML) 2.0 technical overview. Retrieved September 19,2005, from http://xml.coverpages.org/ SAML-TechOverview20v03-11511.pdf
29. Osborn, S. L. (2002, June). Information flow analysis of an RBAC system. In Proceedings of the 17th ACM Symposium on Access Control Models and Techniques (pp. 163-168), Monterey, CA.
30. Park, J. S., Sandhu, R., & Ahn, G. J. (2001). Role-based access control on the Web. ACM Transactions on Information and System Security, 4(1), 37-71.
31. Park, J., & Sandhu, R. (2002, June). Towards usage control models: Beyond traditional access control. In Proceedings of the ACM Symposium on Access Control Models and Technologies (pp. 57-64), Monterey, CA.
32. Rezgui, A., Ouzzani, M., Bouguettaya, A., & Medjahed, B. (2002, November). Preserving privacy in Web services. In Proceedings of the 4th International ACM Workshop on Web Information and Data Management WIDM'02 (pp. 56-62), McLean, VA.
33. Volpano, D., Smith, G., & Irvine, C. (1996). A sound type system for secure flow analysis. Journal of Computer Security 4(3), 167-187.
34. W3C. (2000). Extensible markup language (XML). World Wide Web Consortium (W3C). Retrieved September 19, 2005, from http://www.w3c.org/TR/REC-xml
35. W3C. (2001). XML path language (XPath) 2.0. World Wide Web Consortium (W3C). Retrieved September 19, 2005, from http://www.w3.org/TR/xpath20
36. W3C. (2002a). XML encryption syntax and processing. World Wide Web Consortium (W3C). Retrieved September 19, 2005, from http://www.w3.org/TR/ xmlenc-core/
37. W3C. (2002b). XML signature syntax and processing. World Wide Web Consortium (W3C). Retrieved September 19, 2005, from http://www.w3.org/TR/ xmldsig-core/
38. W3C. (2002c). XSL transformations (XSLT) version 2.0. World Wide Web Consortium (W3C). Retrieved September 19, 2005, from http://www.w3.org/TR/2002/ WD-xslt20-20020430