FlexFlow: A Flexible Flow Control Policy Specification Framework

  • Shiping Chen
  • Duminda Wijesekera
  • Sushil Jajodia
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 142)


We propose FlexFlow, a logic-based flexible flow control framework for specifying data-flow, work-flow and transaction systems policies that go beyond point-to-point flows. Both permissions and prohibitions are specifiable in FlexFlow, and meta-policies such as "permissions take precedence" can themselves be specified over the meta-policy-neutral policy specification environment of FlexFlow. We show the expressibility of FlexFlow by expressing three existing flow control models that were proposed for different applications and used different mechanisms.


Flow control policy, Data flow, Security policy



Copyright information

© Springer Science + Business Media, Inc. 2004

Authors and Affiliations

  • Shiping Chen (1)
  • Duminda Wijesekera (1)
  • Sushil Jajodia (1)
  1. Center for Secure Information Systems, George Mason University, Fairfax
