Journal of Information Science and Engineering, Vol. 22 No. 1, pp. 147-161 (January 2006)

MRBAC/AR: an Information Flow Control Model to Prevent Both Intra- and Inter-Application Information Leakage

Shih-Chien Chou
Department of Computer Science and Information Engineering
National Dong Hwa University
Hualien, 974 Taiwan
E-mail: scchou@mail.ndhu.edu.tw

Preventing information leakage during program execution is essential for modern applications. This paper proposes a model to prevent information leakage for object-oriented systems, which is based on role-based access control (RBAC). It is named MRBAC/AR (modified RBAC for both intrA- and inteR-application information flow control) because it is a modification of RBAC96. It offers the following features: (a) adapting to dynamic object state change, (b) adapting to dynamic role change, (c) avoiding Trojan horses, (d) detailing access control granularity to variables, (e) controlling method invocation through argument sensitivity, (f) allowing declassification, (g) allowing purpose-oriented method invocation, (h) precisely controlling write access, and (i) preventing both intra- and inter-application information leakage. We evaluated MRBAC/AR through experiments. The evaluation result is also shown in this paper.

Keywords: information security, access control, information flow control, prevent information leakage, indirect information leakage

Received November 7, 2003; accepted May 24, 2004.
Communicated by Shiuh-Pyng Shieh.