Creating Objects in the Flexible Authorization Framework

  • Nicola Zannone
  • Sushil Jajodia
  • Duminda Wijesekera
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4127)


Access control is a crucial concern to build secure IT systems and, more specifically, to protect the confidentiality of information. However, access control is necessary, but not sufficient. Actually, IT systems can manipulate data to provide services to users. The results of a data processing may disclose information concerning the objects used in the data processing itself. Therefore, the control of information flow results fundamental to guarantee data protection. In the last years many information flow control models have been proposed. However, these frameworks mainly focus on the detection and prevention of improper information leaks and do not provide support for the dynamical creation of new objects.

In this paper we extend our previous work to automatically support the dynamical creation of objects by verifying the conditions under which objects can be created and automatically associating an access control policy to them. Moreover, our proposal includes mechanisms tailored to control the usage of information once it has been accessed.


Access Control Integrity Constraint Access Control Policy Covert Channel Role Base Access Control 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Bell, D.E., LaPadula, L.J.: Secure Computer System: Unified Exposition and MULTICS Interpretation. Technical Report MTR-2997 Rev. 1, The MITRE Corporation, Bedford, MA (1976)Google Scholar
  2. 2.
    Brewer, D.F.C., Nash, M.J.: The chinese wall security policy. In: Proc. of Symp. on Sec. and Privacy, pp. 206–214. IEEE Press, Los Alamitos (1989)Google Scholar
  3. 3.
    Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. CACM 20(7), 504–513 (1977)CrossRefMATHGoogle Scholar
  4. 4.
    Downs, D., Rub, J., Kung, K., Jordan, C.: Issues in Discretionary Access Control. In: Proc. of Symp.on Sec. and Privacy, pp. 208–218. IEEE Press, Los Alamitos (1985)Google Scholar
  5. 5.
    Griffiths, P.P., Wade, B.W.: An authorization mechanism for a relational database system. TODS 1(3), 242–255 (1976)CrossRefGoogle Scholar
  6. 6.
    Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Comp. 29(2), 38–47 (1996)CrossRefGoogle Scholar
  7. 7.
    Sabelfeld, A., Myers, A.C.: Language-Based Information-Flow Security. IEEE J. on Selected Areas in Comm. 21(1), 5–19 (2003)CrossRefGoogle Scholar
  8. 8.
    Chong, S., Myers, A.C.: Security Policies for Downgrading. In: Proc. of CCS 2004, pp. 198–209. ACM Press, New York (2004)Google Scholar
  9. 9.
    Bertino, E., Samarati, P., Jajodia, S.: High assurance discretionary access control for object bases. In: Proc.of CCS 1993, pp. 140–150. ACM Press, New York (1993)Google Scholar
  10. 10.
    Samarati, P., Bertino, E., Ciampichetti, A., Jajodia, S.: Information flow control in object-oriented systems. TKDE 9(4), 524–538 (1997)Google Scholar
  11. 11.
    McCollum, C.D., Messing, J.R., Notargiacomo, L.: Beyond the pale of MAC and DAC-defining new forms of access control. In: Proc. of Symp. on Sec. and Privacy, pp. 190–200. IEEE Press, Los Alamitos (1990)Google Scholar
  12. 12.
    Stoughton, A.: Access flow: A protection model which integrates access control and information flow. In: Proc. of Symp. on Sec. and Privacy, pp. 9–18. IEEE Press, Los Alamitos (1981)Google Scholar
  13. 13.
    Zannone, N., Jajodia, S., Massacci, F., Wijesekera, D.: Maintaining Privacy on Derived Objects. In: Proc. of WPES 2005, pp. 10–19. ACM Press, New York (2005)Google Scholar
  14. 14.
    Jajodia, S., Samarati, P., Sapino, M.L., Subrahmanian, V.S.: Flexible support for multiple access control policies. TODS 26(2), 214–260 (2001)CrossRefMATHGoogle Scholar
  15. 15.
    Baral, C.R., Subrahmanian, V.S.: Stable and extension class theory for logic programs and default logics. J. of Autom. Reas. 8(3), 345–366 (1992)MathSciNetCrossRefMATHGoogle Scholar
  16. 16.
    Gelfond, M., Lifschitz, V.: The stable model semantics for logic programming. In: Proc. of ICLP 1988, pp. 1070–1080. MIT Press, Cambridge (1988)Google Scholar
  17. 17.
    Scott, D.S.: Identity and existence in intuitionistic logic. In: Application of Sheaves. Lecture Notes in Mathematics, vol. 753, pp. 660–696. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  18. 18.
    Liskov, B.H., Wing, J.M.: A Behavioral Notion of Subtyping. TOPLAS 16(6), 1811–1841 (1994)CrossRefGoogle Scholar
  19. 19.
    van Gelder, A.: The alternating fixpoint of logic programs with negation. In: Proc. of PODS 1989, pp. 1–10. ACM Press, New York (1989)Google Scholar
  20. 20.
    Ferrari, E., Samarati, P., Bertino, E., Jajodia, S.: Providing flexibility in information flow control for object oriented systems. In: Proc. of Symp. on Sec. and Privacy, pp. 130–140. IEEE Press, Los Alamitos (1997)Google Scholar
  21. 21.
    Focardi, R., Gorrieri, R.: The Compositional Security Checker: A Tool for the Verification of Information Flow Security Properties. TSE 23(9), 550–571 (1997)Google Scholar
  22. 22.
    Samarati, P., di Vimercati, S.D.C.: Access Control: Policies, Models, and Mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2001. LNCS, vol. 2946, pp. 137–196. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  23. 23.
    He, J., Gligor, V.D.: Information-Flow Analysis for Covert-Channel Identification in Multilevel Secure Operating Systems. In: Proc. of the 3rd IEEE Comp. Sec. Found. Workshop, pp. 139–149. IEEE Press, Los Alamitos (1990)Google Scholar
  24. 24.
    National Computer Security Center: A Guide to Understanding Covert Channel Analysis of Trusted Systems. Technical Report NCSC-TG-030, Library No. S-240,572, National Security Agency (1993)Google Scholar
  25. 25.
    Pernul, G.: Database Security. Advances in Computers 38, 1–72 (1994)CrossRefGoogle Scholar
  26. 26.
    Osborn, S.L.: Information flow analysis of an RBAC system. In: Proc. of SACMAT 2002, pp. 163–168. ACM Press, New York (2002)Google Scholar
  27. 27.
    Nyanchama, M., Osborn, S.: The role graph model and conflict of interest. TISSEC 2(1), 3–33 (1999)CrossRefGoogle Scholar
  28. 28.
    Yasuda, M., Tachikawa, T., Takizawa, M.: Information Flow in a Purpose-Oriented Access Control Model. In: Proc. of ICPADS 1997, pp. 244–249. IEEE Press, Los Alamitos (1997)Google Scholar
  29. 29.
    Izaki, K., Tanaka, K., Takizawa, M.: Information flow control in role-based model for distributed objects. In: Proc. of ICPADS 2001, pp. 363–370. IEEE Press, Los Alamitos (2001)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2006

Authors and Affiliations

  • Nicola Zannone
    • 1
    • 2
  • Sushil Jajodia
    • 2
  • Duminda Wijesekera
    • 2
  1. 1.Dep. of Information and Communication TechnologyUniversity of TrentoUSA
  2. 2.Center for Secure Information SystemsGeorge Mason UniversityItaly

Personalised recommendations