Synchronization of Transactions to Prevent Illegal Information Flow in a Role-Based Access Control Model

22nd International Conference on Advanced Information Networking and Applications (aina 2008) Pub Date : 2008-03-25 DOI:10.1109/AINA.2008.145

T. Enokido, M. Takizawa

{"title":"Synchronization of Transactions to Prevent Illegal Information Flow in a Role-Based Access Control Model","authors":"T. Enokido, M. Takizawa","doi":"10.1109/AINA.2008.145","DOIUrl":null,"url":null,"abstract":"The role-based access control (RBAC) model is widely used to make information systems secure. Even if every access request is authorized in the roles, illegal information flow might occur as the well known confinement problem. In this paper, we discuss how to prevent illegal information flow to occur by synchronizing conflicting transactions in the RBAC model. We first define types of information flow relations, legal (LIF), illegal (IIF), and possibly illegal (PIF) ones R1 = R2, R1 rarr R2, and R1 rarr R2 among a pair of role families R\\ and Ri, respectively. Here, let T1 and T2 be a pair of transactions with role families R1 and R2 respectively. Suppose T1 precedes T2 in a schedule, i.e. for every pair of conflicting methods op\\ and opi from T\\ andT% respectively, op\\ is performed prior to op2- Here, if the LIF relation R1 = R2 holds, no illegal information flow occur. If R1 rarr R2, illegal information flow necessarily occur. R1 rarr R2 implies that illegal information flow might occur depending on in which order the transactions perform what methods.","PeriodicalId":328651,"journal":{"name":"22nd International Conference on Advanced Information Networking and Applications (aina 2008)","volume":"78 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"22nd International Conference on Advanced Information Networking and Applications (aina 2008)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/AINA.2008.145","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

Abstract

The role-based access control (RBAC) model is widely used to make information systems secure. Even if every access request is authorized in the roles, illegal information flow might occur as the well known confinement problem. In this paper, we discuss how to prevent illegal information flow to occur by synchronizing conflicting transactions in the RBAC model. We first define types of information flow relations, legal (LIF), illegal (IIF), and possibly illegal (PIF) ones R₁ = R₂, R₁ rarr R₂, and R1 rarr R₂ among a pair of role families R\ and Ri, respectively. Here, let T₁ and T₂ be a pair of transactions with role families R₁ and R₂ respectively. Suppose T₁ precedes T₂ in a schedule, i.e. for every pair of conflicting methods op\ and opi from T\ andT% respectively, op\ is performed prior to op₂- Here, if the LIF relation R₁ = R₂ holds, no illegal information flow occur. If R₁ rarr R₂, illegal information flow necessarily occur. R₁ rarr R₂ implies that illegal information flow might occur depending on in which order the transactions perform what methods.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于角色的访问控制模型中防止非法信息流的事务同步

基于角色的访问控制(RBAC)模型被广泛用于信息系统的安全。即使每个访问请求都在角色中获得授权，也可能出现非法信息流，即众所周知的限制问题。本文讨论了在RBAC模型中如何通过同步冲突事务来防止非法信息流的发生。我们首先定义信息流关系的类型，合法的(LIF)，非法的(IIF)和可能非法的(PIF) R1 = R2, R1 rarr R2和R1 rarr R2分别在一对角色族R\和Ri中。这里设T1和T2分别为角色族为R1和R2的一对事务。假设调度中T1在T2之前，即对于T\和T%中每一对冲突的方法op\和opi, op\都在op2之前执行。此时，如果LIF关系R1 = R2成立，则没有非法信息流发生。若R1 rrr2，则必然发生非法信息流。R1 rarr R2意味着根据事务执行方法的顺序可能会发生非法信息流。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

22nd International Conference on Advanced Information Networking and Applications (aina 2008)

自引率

0.00%

发文量