Advertisement

A flexible read-write abortion protocol with role safety concept to prevent illegal information flow

  • Shigenari NakamuraEmail author
  • Tomoya Enokido
  • Makoto Takizawa
Original Research

Abstract

In information systems, illegal information flow among objects has to be prevented. A transaction illegally reads data in an object if the object includes data in other objects which are not allowed to be read. In our previous studies, the FRWA-R (flexible read-write-abortion with role sensitivity) and FRWA-O (object sensitivity) protocols are proposed to prevent illegal information flow. Here, a transaction aborts with some probability once illegally reading data in an object. The abortion probability depends on the sensitivity of roles which the transaction holds and objects in which the transaction illegally reads data. The role sensitivity and object sensitivity show how many transactions which hold the role and illegally read data in the object abort after illegally reading data in the object, respectively. Here, the sensitivity just monotonically increases each time a transaction aborts. In this paper, we propose a new safety concept of a role and an FRWA-RS (FRWA with role safety) protocol. Here, the safety of a role increases and decreases each time a transaction holding the role commits and aborts by issuing an illegal read operation, respectively. A transaction with safer roles aborts with smaller probability. In the evaluation, we show fewer and more numbers of transactions abort in the FRWA-RS protocol than the RWA protocol and than the WA protocol, respectively, and transactions are more efficiently performed than the WA protocol.

Keywords

Flexible read-write-abortion (FRWA) protocol Role safety Meaningless read Lost read Information flow control 

Notes

Acknowledgements

This work was supported by JSPS KAKENHI Grant Number 15H0295.

References

  1. Bacon J, Eyers D, Pasquier TFJM, Singh J, Papagiannis I, Pietzuch P (2014) Information flow control for secure cloud computing. IEEE Trans Netw Serv Manag 11(1):1–14CrossRefGoogle Scholar
  2. Che X, Maag S (2015) Formally testing the protocol performances. Int J Space-Based Situat Comput 5(2):76–88CrossRefGoogle Scholar
  3. Denning DER (1982) Cryptography and data security. Addison Wesley, BostonzbMATHGoogle Scholar
  4. Enokido T, Takizawa M (2009) A legal information flow (lif) scheduler based on role-based access control model. Int J Comput Stand Interfaces 31(5):906–912CrossRefGoogle Scholar
  5. Enokido T, Takizawa M (2010) A purpose-based synchronization protocol for secure information flow control. Int J Comput Syst Sci Eng 25(2):25–32Google Scholar
  6. Enokido T, Takizawa M (2011) Purpose-based information flow control for cyber engineering. IEEE Trans Indus Electr 58(6):2216–2225CrossRefGoogle Scholar
  7. Fernadez EB, Summers RC, Wood C (1980) Database security and integrity. Adison Wesley, BostonGoogle Scholar
  8. Ferraiolo DF, Kuhn DR, Chandramouli R (2007) Role-based access controls, 2nd edn. Artech, NorwoodzbMATHGoogle Scholar
  9. Fisher-Hellmann KS (2012) Information flow based security control beyond RBAC. Springer Vieweg, BrooklynCrossRefGoogle Scholar
  10. Hegarty R, Haggerty J (2015) Extrusion detection of illegal files in cloud-based systems. Int J Space-Based Situat Comput 5(3):150–158CrossRefGoogle Scholar
  11. Messina F, Pappalardo G, Santoro C, Rosaci D, Sarné GML (2016) A multi-agent protocol for service level agreement negotiation in cloud federations. Int J Grid Utility Comput 7(2):101–112CrossRefGoogle Scholar
  12. Nakamura S, Duolikun D, Aikebaier A, Enokido T, Takizawa M (2014a) Read-write abortion (rwa) based synchronization protocols to prevent illegal information flow. In: Proc. of the 17th International Conference on Network-Based Information Systems (NBiS-2014), pp 120–127Google Scholar
  13. Nakamura S, Duolikun D, Aikebaier A, Enokido T, Takizawa M (2014b) Role-based information flow control models. In: Proc. of IEEE the 28th international conference on advanced information networking and applications (AINA-2014), pp 1140–1147Google Scholar
  14. Nakamura S, Duolikun D, Aikebaier A, Enokido T, Takizawa M (2014c) Synchronization protocols to prevent illegal information flow in role-based access control systems. In: Proc. of the 8th international conference on complex, intelligent, and software intensive systems (CISIS-2014), pp 279–286Google Scholar
  15. Nakamura S, Duolikun D, Enokido T, Takizawa M (2015a) A flexible read-write abortion protocol to prevent illegal information flow. In: Proc. of IEEE the 29th international conference on advanced information networking and applications (AINA-2015), pp 155–162Google Scholar
  16. Nakamura S, Duolikun D, Enokido T, Takizawa M (2015b) A flexible read-write abortion protocol to prevent illegal information flow among objects. J Mob Multimed 11(3&4):263–280Google Scholar
  17. Nakamura S, Duolikun D, Enokido T, Takizawa M (2015c) A flexible read-write abortion protocol with sensitivity of objects to prevent illegal information flow. In: Proc. of the 9th international conference on complex, intelligent, and software intensive systems (CISIS-2015), pp 289–296Google Scholar
  18. Nakamura S, Duolikun D, Enokido T, Takizawa M (2015d) A flexible read-write abortion protocol with sensitivity of roles. In: Proc. of the 18th international conference on network-based information systems (NBiS-2015), pp 132–139Google Scholar
  19. Nakamura S, Duolikun D, Enokido T, Takizawa M (2015e) A write abortion-based protocol in role-based access control systems. Int J Adapt Innov Syst 2(2):142–160CrossRefGoogle Scholar
  20. Nakamura S, Duolikun D, Takizawa M (2015f) Read-abortion (ra) based synchronization protocols to prevent illegal information flow. J Compu Syst Sci 81(8):1441–1451MathSciNetCrossRefGoogle Scholar
  21. Nakamura S, Duolikun D, Enokido T, Takizawa M (2016) A read-write abortion (rwa) protocol to prevent illegal information flow in role-based access control systems. Int J Space-Based Situat Comput 6(1):43–53CrossRefGoogle Scholar
  22. Osborn S, Sandhu RS, Munawer Q (2000) Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Trans Inform Syst Secur 3(2):85–106CrossRefGoogle Scholar
  23. Sandhu RS (1993) Lattice-based access control models. IEEE Comput 26(11):9–19CrossRefGoogle Scholar
  24. Sandhu RS, Coyne EJ, Feinstein HL, Youman CE (1996) Role-based access control models. IEEE Comput 29(2):38–47CrossRefGoogle Scholar
  25. Yang J, Cheng R, Liu W, Xiao Y, Zhang F (2013) Cryptoanalysis and improvement of smart prepayment meter protocol in standard q/gdw 365. Int J Grid Utility Comput 4(1):40–46CrossRefGoogle Scholar
  26. Yasuda M, Tachikawa T, Takizawa M (1998) A purpose-oriented access control model for object-based systems. In: Proc. of the 1st international symposium on object-oriented real-time distributed computing (ISORC’98), pp 146–147Google Scholar
  27. Zeldovich N, Boyd-Wickizer S, Mazières D (2008) Securing distributed systems with information flow control. In: Proc. of the 5th USENIX symposium on networked systems design and implementation, pp 293–308Google Scholar

Copyright information

© Springer-Verlag GmbH Germany 2017

Authors and Affiliations

  • Shigenari Nakamura
    • 1
    Email author
  • Tomoya Enokido
    • 2
  • Makoto Takizawa
    • 1
  1. 1.Hosei UniversityTokyoJapan
  2. 2.Rissho UniversityTokyoJapan

Personalised recommendations