Adding flexibility in information flow control for object-oriented systems using versions

International Journal of Software Engineering and Knowledge Engineering

Volumn 13, Issue 3, 2003, Pages 313-325

  Maamir, Allaoua ^a   Fellah, Abdelaziz ^b  

^a UNIVERSITY OF SHARJAH   (United Arab Emirates)

^b UNIVERSITY OF LETHBRIDGE   (Canada)

Author keywords

Access control; Computer security; Confidentiality; Information flow; Object oriented systems security; Privacy

Indexed keywords

DATABASE SYSTEMS; ELECTRONIC COMMERCE; INFORMATION USE; MOBILE COMPUTING; OBJECT ORIENTED PROGRAMMING; SECURITY OF DATA;

FILTERING PROCESS; INFORMATION FLOW; OBJECTED-ORIENTED DATABASE SYSTEMS;

INFORMATION MANAGEMENT;

EID: 8644283675     PISSN: 02181940     EISSN: None     Source Type: Journal    
DOI: 10.1142/S0218194003001317     Document Type: Article

References (22)

1. P. Samarati, E. Bertino, A. Ciampichetti, and S. Jajodia, "Information flow control in object-oriented systems", IEEE Transactions on Knowledge and Data Engineering 9(4) (1997) 524-538.
2. C. N. Zhang and C. Yang, "Information flow analysis on role-based access control model", Information Management and Control Security 10(5) (2002) 225-236.
3. C. N. Zhang and C. Yang, "An object-oriented RBAC model for distributed systems", Working IEEE/IFIP Conference on Software Architecture, (WIGSA), Amsterdam, The Netherlands, 2001, pp. 24-32.
4. S. Osborn, R. Sandhu, and Munawer, "Configuring role-based access control to enforce mandatory and discretionary access control policies", ACM Trans. on Information and System Security 3(2) (2000) 85-106.
5. F. Pottier and S. Conchon, "Information flow in inference for free", in Proc. ACM Int. Conf. on Principles of Functional Programming, New York, Sept. 2000, pp. 46-57.
6. G. Smith, "A new type system for secure information flow", in Proc. 14th IEEE Computer Security Foundations Workshop, Cape Breton, Nova Scotia, 2001, pp. 115-125.
7. A. Sabelfeld and A. C. Myers, "Language-based information-flow security", IEEE Journal on Selected Areas in Communications 21(1) (2003) 5-19.
8. S. Zdancewic and A. C. Myers, "Secure information flow and CPS", in Proc. European Symposium on Programming, Vol. 2028 of LNCS, April 2001, pp. 46-61.
9. A. Banerjee and D. A. Naumann, "Secure information flow and pointer confinement in a Java-like language", in Proc. IEEE Computer Security Foundations Workshop, June 2002, pp. 253-267.
10. F. Pottier and V. Simonet, "Information flow inference for ML", in Proc. ACM Symp. on Principles of Programming Languages, Jan. 2002, pp. 319-330.
11. A. C. Myers and B. Liskov, "Protecting privacy using the decentralized label model", ACM TOSEM 9(4) (2000) 410-442.
12. A. C. Myers and B. Liskov, "Complete, safe information flow with decentralized labels", in Proc. IEEE S&P, Oakland, California, 1998.
13. A. C. Myers and B. Liskov, "A decentralized model for information flow control", in Proc. ACM Symp. on Operating System Principles (SOSP), Saint-Malo, France, 1997, pp. 129-142.
14. R. Sandhu, "Role Activation Hierarchies", in Proc. 3rd ACM Workshops on Role-Based Access Control, Fairfax, Virginia, 1998, pp. 22-23.
15. R. Sandhu and P. Samarati, "Authentication, access control, and audit", ACM Computing Surveys 28, No. 1, March 1996.
16. D. E. Denning, "A lattice model of secure information flow", Comm. ACM 19(5) (1976) 236-243.
17. D. E. Denning and P. J. Denning, "Certification of programs for secure information flow", Comm. ACM20(7) (1977) 504-513.
18. E. Ferrari, P. Samarati, E. Bertino, and S. Jajodia, "Providing flexibility in information flow control for object-oriented systems", in Proc. IEEE Symposium on Security and Privacy, Oakland, CA, USA, May 1997, pp. 130-140.
19. D. F. Ferraiolo, J. A. Gugini, and D. R. Kuhn, "Role-based access control: Features and motivations", in Proc. 11th Annual Computer Security Applications Conference, New Orleans, LA, Dec. 1995.
20. D. F. Ferraiolo, J. F. Barkley, and D. R. Kuhn, "A role-based access control model and reference implementation within a corporate intranet", ACM Trans. on Information and Systems Security 2, No. 1, Feb. 1999.
21. A. Maamir, A. Fellah, and I. Rahwan, "Information flow control using versions in object-oriented systems", Technical Report (CS#9P), Department of Mathematics & Computer Science, UAE University, Al-Ain, UAE, June 1999.
22. S. Jajodia and B. Kogan, "Integrating an object-oriented data model with multilevel security", in Proc. IEEE Symp. on Security and Privacy, Oakland, CA, USA, 1990, pp. 76-85.