A Hierarchical Release Control Policy Framework

  • Chao Yao
  • William H. Winsborough
  • Sushil Jajodia
Conference paper
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 193)


With increasing information exchange within and between organizations, it becomes increasingly unsatisfactory to depend solely on access control to meet confidentiality and other security needs. To better support the regulation of information flow, this paper presents a release control framework founded on a logical language. Release policies can be specified in a hierarchical manner, in the sense that each user, group, division and organization can specify their own policies, and these are combined by the framework in a manner that enables flexibility within the context of management oversight and regulation. In addition, the language can be used naturally to specify associated provisions (actions that must be undertaken before the release is permitted) and obligations (actions that are agreed will be taken after the release).

This paper also addresses issues arising due to the fact that a data object can be released from one entity to another in sequence, along a release path. We show how to test whether a given release specification satisfies given constraints on the release paths it authorizes. We also show how to find the best release paths from release specifications, based on weights specified by users. The factors affecting weights include the subjects through which a path passes, as well as the provisions and obligations that must be met to authorize each step in the path.


Policy Release Control Access Control 


  1. [BdVS00]
    Piero A. Bonatti, Sabrina De Capitani di Vimercati, and Pierangela Samarati. A modular approach to composing access control policies. In ACM Conference on Computer and Communications Security, pages 164–173, 2000.Google Scholar
  2. [BJWW02]
    Claudio Bettini, Sushil Jajodia, Xiaoyang Sean Wang, and Duminda Wijesekera. Provisions and obligations in policy management and security applications. In VLDB, pages 502–513, 2002.Google Scholar
  3. [Den76]
    Dorothy E. Denning. A lattice model of secure information flow. Commun. ACM, 19(5):236–243, 1976.zbMATHMathSciNetCrossRefGoogle Scholar
  4. [Fol89]
    Simon N. Foley. A model for secure information flow. In IEEE Symposium on Security and Privacy, pages 248–258, 1989.Google Scholar
  5. [Gel89]
    Allen Van Gelder. The alternating fixpoint of logic programs with negation. In Proceedings of the Eighth ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems, March 29–31, 1989, Philadelphia, Pennsylvania, pages 1–10. ACM Press, 1989.Google Scholar
  6. [JSSS01]
    Sushil Jajodia, Pierangela Samarati, Maria Luisa Sapino, and V. S. Subrahmanian. Flexible support for multiple access control policies. ACM Trans. Database Syst., 26(2):214–260, 2001.CrossRefGoogle Scholar
  7. [Llo87]
    John W. Lloyd. Foundations of Logic Programming, Second Edition. Springer, 1987.Google Scholar
  8. [ML97]
    Andrew C. Myers and Barbara Liskov. A decentralized model for information flow control. In SOSP, pages 129–142, 1997.Google Scholar
  9. [MMN90]
    Catherine D. McCollum, J. R. Messing, and LouAnna Notargiacomo. Beyond the pale of mac and dac-defining new forms of access control. In IEEE Symposium on Security and Privacy, pages 190–200, 1990.Google Scholar
  10. [SBCJ97]
    Pierangela Samarati, Elisa Bertino, Alessandro Ciampichetti, and Sushil Jajodia. Information flow control in object-oriented systems. IEEE Trans. Knowl. Data Eng., 9(4):524–538, 1997.CrossRefGoogle Scholar
  11. [SBM99]
    Ravi S. Sandhu, Venkata Bhamidipati, and Qamar Munawer. The arbac97 model for role-based administration of roles. ACM Trans. Inf. Syst. Secur., 2(1):105–135, 1999.CrossRefGoogle Scholar
  12. [SCFY96]
    Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, and Charles E. Youman. Role-based access control models. IEEE Computer, 29(2):38–47, 1996.Google Scholar
  13. [WJ02]
    Duminda Wijesekera and Sushil Jajodia. Policy algebras for access control the predicate case. In ACM Conference on Computer and Communications Security, pages 171–180, 2002.Google Scholar

Copyright information

© International Federation for Information Processing 2005

Authors and Affiliations

  • Chao Yao
    • 1
  • William H. Winsborough
    • 1
  • Sushil Jajodia
    • 1
    • 2
  1. 1.Center for Secure Information SystemsGeorge Mason UniversityFairfax
  2. 2.The MITRE Corporation

Personalised recommendations