Article

Providing flexibility in information flow control for object oriented systems

Authors:

E. Ferrari,

P. Samarati,

E. Bertino,

S. JajodiaAuthors Info & Claims

SP '97: Proceedings of the 1997 IEEE Symposium on Security and Privacy

Page 130

Published: 04 May 1997 Publication History

Publisher Site

Abstract

Abstract: This paper presents an approach to control information flow in object-oriented systems that takes into account, besides authorizations on objects, also how the information has been obtained and/or transmitted. These aspects are considered by allowing exceptions to the restrictions stated by the authorizations. Exceptions are specified by means of waivers associated with methods. Two kinds of waivers are supported: invoke-waivers, specifying exceptions applicable during a method's execution, and reply-waivers, specifying exceptions applicable to the information returned by a method. Information flowing from one object into another object is subject to the different waivers of the methods enforcing the transmission. We formally characterize information transmission and flow in a transaction taking into consideration different interaction modes among objects. We then define security specifications, meaning authorizations and waivers, and characterize safe information flows. We formally define conditions whose satisfaction ensures absence of unsafe flows and present an algorithm enforcing these conditions.

Cited By

View all

den Hartog JZannone NBertino ESandhu RKrishnan R(2016)A Policy Framework for Data Fusion and Derived Data ControlProceedings of the 2016 ACM International Workshop on Attribute Based Access Control10.1145/2875491.2875492(47-57)Online publication date: 11-Mar-2016
https://dl.acm.org/doi/10.1145/2875491.2875492
Ernst MJust RMillstein SDietl WPernsteiner SRoesner FKoscher KBarros PBhoraskar RHan SVines PWu EAhn GYung MLi N(2014)Collaborative Verification of Information Flow for a High-Assurance App StoreProceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security10.1145/2660267.2660343(1092-1104)Online publication date: 3-Nov-2014
https://dl.acm.org/doi/10.1145/2660267.2660343
Zdancewic S(2013)A Type System for Robust DeclassificationElectronic Notes in Theoretical Computer Science (ENTCS)10.1016/S1571-0661(03)50014-783(263-277)Online publication date: 1-Jan-2013
https://dl.acm.org/doi/10.1016/S1571-0661%2803%2950014-7
Show More Cited By

Index Terms

Providing flexibility in information flow control for object oriented systems
1. Security and privacy
  1. Systems security
    1. Operating systems security

Index terms have been assigned to the content through auto-classification.

Recommendations

Exception-based information flow control in object-oriented systems

We present an approach to control information flow in object-oriented systems. The decision of whether an information flow is permitted or denied depends on both the authorizations specified on the objects and the process by which information is ...
Information Flow Control in Object-Oriented Systems

In this paper, we describe a high assurance discretionary access control model for object-oriented systems. The model not only ensures protection against Trojan horses leaking information, but provides the flexibility of discretionary access control at ...
Providing flexible access control to an information flow control model

Protecting privacy within an application is essential. Many information flow control models have been developed for that protection. We developed an information flow control model based on role-based access control (RBAC) for object-oriented systems, ...

Comments

Information & Contributors

Information

Published In

SP '97: Proceedings of the 1997 IEEE Symposium on Security and Privacy

May 1997

Publisher

IEEE Computer Society

United States

Publication History

Published: 04 May 1997

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

18
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 27 Jul 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

den Hartog JZannone NBertino ESandhu RKrishnan R(2016)A Policy Framework for Data Fusion and Derived Data ControlProceedings of the 2016 ACM International Workshop on Attribute Based Access Control10.1145/2875491.2875492(47-57)Online publication date: 11-Mar-2016
https://dl.acm.org/doi/10.1145/2875491.2875492
Ernst MJust RMillstein SDietl WPernsteiner SRoesner FKoscher KBarros PBhoraskar RHan SVines PWu EAhn GYung MLi N(2014)Collaborative Verification of Information Flow for a High-Assurance App StoreProceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security10.1145/2660267.2660343(1092-1104)Online publication date: 3-Nov-2014
https://dl.acm.org/doi/10.1145/2660267.2660343
Zdancewic S(2013)A Type System for Robust DeclassificationElectronic Notes in Theoretical Computer Science (ENTCS)10.1016/S1571-0661(03)50014-783(263-277)Online publication date: 1-Jan-2013
https://dl.acm.org/doi/10.1016/S1571-0661%2803%2950014-7
Almeida Matos ABoudol G(2009)On declassification and the non-disclosure policyJournal of Computer Security10.5555/1662658.166266217:5(549-597)Online publication date: 1-Oct-2009
https://dl.acm.org/doi/10.5555/1662658.1662662
Sabelfeld ASands D(2009)Declassification: Dimensions and principlesJournal of Computer Security10.5555/1662658.166265917:5(517-548)Online publication date: 1-Oct-2009
https://dl.acm.org/doi/10.5555/1662658.1662659
Liu YMilanova AKrishnamurthi SYoung M(2008)Static analysis for inference of explicit information flowProceedings of the 8th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering10.1145/1512475.1512486(50-56)Online publication date: 9-Nov-2008
https://dl.acm.org/doi/10.1145/1512475.1512486
McCamant SErnst M(2008)Quantitative information flow as network flow capacityACM SIGPLAN Notices10.1145/1379022.137560643:6(193-205)Online publication date: 7-Jun-2008
https://dl.acm.org/doi/10.1145/1379022.1375606
McCamant SErnst MGupta RAmarasinghe S(2008)Quantitative information flow as network flow capacityProceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and Implementation10.1145/1375581.1375606(193-205)Online publication date: 7-Jun-2008
https://dl.acm.org/doi/10.1145/1375581.1375606
Mishina TYoshihama SKudo M(2007)Fine-grained sticky provenance architecture for office documentsProceedings of the Security 2nd international conference on Advances in information and computer security10.5555/1778902.1778932(336-351)Online publication date: 29-Oct-2007
https://dl.acm.org/doi/10.5555/1778902.1778932
Zannone NJajodia SWijesekera D(2006)Creating Objects in the Flexible Authorization Framework20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security on Data and Applications Security XX - Volume 412710.5555/3127142.3127143(1-14)Online publication date: 31-Jul-2006
https://dl.acm.org/doi/10.5555/3127142.3127143
Show More Cited By

Abstract

Cited By

Index Terms

Recommendations

Exception-based information flow control in object-oriented systems

Information Flow Control in Object-Oriented Systems

Providing flexible access control to an information flow control model

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations