[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content

Multi-level Access Control, Directed Graphs and Partial Orders in Flow Control for Data Secrecy and Privacy

  • Conference paper
  • First Online:
Foundations and Practice of Security (FPS 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10723))

Included in the following conference series:

Abstract

We present the view that the method of multi-level access control, often considered confined in the theory of mandatory access control, is in fact necessary for data secrecy (i.e. confidentiality) and privacy. This is consequence of a result in directed graph theory showing that there is a partial order of components in any data flow graph. Then, given the data flow graph of any access control system, it is in principle possible to determine which multi-level access control system it implements. On the other hand, given any desired data flow graph, it is possible to assign subjects and data objects to its different levels and thus implement a multi-level access control system for secrecy and privacy. As a consequence, we propose that the well-established lattice model of secure information flow be replaced by a model based on partial orders of components. Applications to Internet of Things and Cloud contexts are briefly mentioned.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
GBP 19.95
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
GBP 35.99
Price includes VAT (United Kingdom)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
GBP 44.99
Price includes VAT (United Kingdom)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Bang-Jensen, J., Gutin, G.Z.: Digraphs: Theory, Algorithms and Applications. Springer, Heidelberg (2010). https://doi.org/10.1007/978-1-84800-998-1. p. 17 and Fig. 1.12

    MATH  Google Scholar 

  2. Bell, D.E., La Padula, L.J.: Secure computer systems: unified exposition and Multics interpretation. TR MTR-2997 Rev. 1, Mitre Corporation (1976)

    Google Scholar 

  3. Bell, D.E.: Looking back at the Bell-La Padula model. In: 21st Annual IEEE Computer Security Applications Conference (2005, on line, no page numbers)

    Google Scholar 

  4. Cavoukian, A.: Privacy by design. The 7 Foundational Principles. White Paper, Information and Privacy Commissioner of Ontario, Canada (2009)

    Google Scholar 

  5. Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: A fine-grained access control system for XML documents. ACM Trans. Inf. Syst. Secur. 5(2), 169–202 (2002)

    Article  MATH  Google Scholar 

  6. Denning, D.E.: A lattice model of secure information flow. Commun. ACM 19(5), 236–243 (1976)

    Article  MathSciNet  MATH  Google Scholar 

  7. Fernandez-Buglioni, E.: Security Patterns in Practice. Wiley, Hoboken (2013)

    Google Scholar 

  8. Ferraiolo, D.F., Kuhn, D.R., Chandramouli, R.: Role-Based Access Control, 2nd edn. Artech House, Norwood (2007)

    MATH  Google Scholar 

  9. Foley, S.N.: Aggregation and separation as noninterference properties. J. Comput. Secur. 1(2), 159–188 (1992)

    Article  MathSciNet  Google Scholar 

  10. Harary, F., Norman, R.Z., Cartwright, D.: Structural Models: An Introduction to the Theory of Directed Graphs. Wiley, Hoboken (1966). Chap. 3

    MATH  Google Scholar 

  11. Hu, V.C., Kuhn, D.R., Ferraiolo, D.F.: Attribute-based access control. Computer 48(2), 85–88 (2015)

    Article  Google Scholar 

  12. Jaume, M., Viet Triem Tong, V., Mé, L.: Flow based interpretation of access control: detection of illegal information flows. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2011. LNCS, vol. 7093, pp. 72–86. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25560-1_5

    Chapter  Google Scholar 

  13. Landwehr, C.E.: Formal models for computer security. ACM Comput. Surv. 13(3), 247–278 (1981)

    Article  Google Scholar 

  14. Landwehr, C.E.: Privacy research directions. Commun. ACM 59(2), 29–31 (2016)

    Article  Google Scholar 

  15. Logrippo, L.: Logical method for reasoning about access control and data flow control models. In: Cuppens, F., Garcia-Alfaro, J., Zincir Heywood, N., Fong, P.W.L. (eds.) FPS 2014. LNCS, vol. 8930, pp. 205–220. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17040-4_13

    Google Scholar 

  16. Logrippo, L.: A first-order logic formalism for access control and flow control, with application to multi-level access control. In preparation

    Google Scholar 

  17. Myers, A.C., Liskov, B.: Protecting privacy using the decentralized label model. ACM Trans. Softw. Eng. Methodol. 9(4), 410–442 (2000)

    Article  Google Scholar 

  18. Nielson, F., Nielson, H.R., Hankin, C.: Principles of Program Analysis. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-662-03811-6

    MATH  Google Scholar 

  19. Osborn, S.L., Sandhu, R., Munawer, Q.: Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Trans. Inf. Syst. Secur. 3(2), 85–106 (2000)

    Article  Google Scholar 

  20. Osborn, S.L.: Information flow analysis of an RBAC system. In: Proceedings of the 7th ACM Symposium on Access Control Models and Technologies, (SACMAT 2002), pp. 163–168 (2002)

    Google Scholar 

  21. Rushby, J.: Noninterference, transitivity, and channel-control security policies. TR CSL-92-02. Computer Science Lab., SRI International, Menlo Park, CA (1992)

    Google Scholar 

  22. Samarati, P., de Vimercati, S.C.: Access control: policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 137–196. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45608-2_3

    Chapter  Google Scholar 

  23. Sandhu, R.: Lattice-based access control models. Computer 26(11), 9–19 (1993)

    Article  Google Scholar 

  24. Smith, R.: Multilevel security. In: Bidgoli, H. (ed.) Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection and Management, vol. 3. Wiley, Hoboken (2005). Chap. 205

    Google Scholar 

  25. Stambouli, A., Logrippo, L.: Data flow analysis with access control matrices or RBAC permission lists. Submitted for publication

    Google Scholar 

  26. Tarjan, R.E.: Depth-first search and linear graph algorithms. SIAM J. Comput. 1(2), 146–160 (1972)

    Article  MathSciNet  MATH  Google Scholar 

Download references

Acknowledgment

This work was partially supported by a grant of the Natural Sciences and Engineering Research Council of Canada. The author is indebted to Sofiene Boulares and Abdelouadoud Stambouli for many useful discussions, and to Guy-Vincent Jourdan for useful comments on the draft copy.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Luigi Logrippo .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Logrippo, L. (2018). Multi-level Access Control, Directed Graphs and Partial Orders in Flow Control for Data Secrecy and Privacy. In: Imine, A., Fernandez, J., Marion, JY., Logrippo, L., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2017. Lecture Notes in Computer Science(), vol 10723. Springer, Cham. https://doi.org/10.1007/978-3-319-75650-9_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-75650-9_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-75649-3

  • Online ISBN: 978-3-319-75650-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics