Shih-Chien Chou
Department of Computer Science and Information Engineering
National Dong Hwa University
Hualien, 974 Taiwan
E-mail: scchou@mail.ndhu.edu.tw
Preventing information leakage during program execution is essential for modern
applications. This paper proposes a model to prevent information leakage for object-oriented
systems, which is based on role-based access control (RBAC). It is named
MRBAC/AR (modified RBAC for both intrA- and inteR-application information flow
control) because it is a modification of RBAC96. It offers the following features: (a)
adapting to dynamic object state change, (b) adapting to dynamic role change, (c) avoiding
Trojan horses, (d) detailing access control granularity to variables, (e) controlling
method invocation through argument sensitivity, (f) allowing declassification, (g) allowing
purpose-oriented method invocation, (h) precisely controlling write access, and (i)
preventing both intra- and inter-application information leakage. We evaluated
MRBAC/AR through experiments. The evaluation result is also shown in this paper.
Received November 7, 2003; accepted May 24, 2004.
Communicated by Shiuh-Pyng Shieh.