Evaluation of a Protocol to Prevent Illegal Information Flow Based on Maximal Roles in the RBAC Model

  • Shohei HayashiEmail author
  • Shigenari Nakamura
  • Dilawaer Duolikun
  • Tomoya Enokido
  • Makoto Takizawa
Conference paper
Part of the Lecture Notes on Data Engineering and Communications Technologies book series (LNDECT, volume 29)


In the access control models to make a system secure, a transaction is allowed to read and write an object like a file only if access rights on the object are granted. Suppose a transaction \(T_1\) reads data d from a file \(f_1\) and then writes the data d to another file \(f_2\). Here, another transaction \(T_2\) can get the data d by reading the file \(f_2\) even if \(T_2\) is not granted a read right on the file \(f_1\). Here, the read operation issued by the transaction \(T_2\) is illegal. In our previous studies, a condition to detect an illegal read operation is defined based on the role-based access control (RBAC) model. Here, once a transaction issues an illegal read operation, the transaction is aborted. However, even if the illegal condition is satisfied for a transaction issuing a read operation, illegal information flow may not occur. In this paper, we newly propose a modified read abortion (MRA) protocol which uses a new condition on maximal roles of role sets. In addition, we consider only maximal roles which include a read right on an object which a transaction can read. In the evaluation, we show the number of transactions aborting can be reduced.


Illegal information flow Role-based access control (RBAC) model Maximal roles MRA protocol 



The work was supported by JSPS KAKENHI grant number 15H0295.


  1. 1.
    Database management system sybase.
  2. 2.
    Date, C.J.: An Introduction to Database Systems, 8th edn. Addison-Wesley, Reading (2013)zbMATHGoogle Scholar
  3. 3.
    Denning, D.E.R.: Cryptography and Data Security. Addison-Wesley, Reading (1982)zbMATHGoogle Scholar
  4. 4.
    Enokido, T., Takizawa, M.: Purpose-based information flow control for cyber engineering. IEEE Trans. Ind. Electron. 58(6), 2216–2225 (2011)CrossRefGoogle Scholar
  5. 5.
    Ferraiolo, D.F., Kuhn, D.R., Chandramouli, R.: Role-Based Access Controls, 2nd edn. Artech House, Norwood (2007)zbMATHGoogle Scholar
  6. 6.
    Nakamura, S., Duolikun, D., Aikebaier, A., Enokido, T., Takizawa, M.: Role-based information flow control models. In: Proceedings of the IEEE the 28th International Conference on Advanced Information Networking and Applications (AINA 2014), pp. 1140–1147 (2014)Google Scholar
  7. 7.
    Nakamura, S., Duolikun, D., Enokido, T., Takizawa, M.: A flexible read-write abortion protocol to prevent illegal information flow among objects. J. Mob. Multimed. 11(3–4), 263–280 (2015)Google Scholar
  8. 8.
    Nakamura, S., Duolikun, D., Enokido, T., Takizawa, M.: A write abortion-based protocol in role-based access control systems. Int. J. Adapt. Innov. Syst. 2(2), 142–160 (2015)CrossRefGoogle Scholar
  9. 9.
    Nakamura, S., Duolikun, D., Enokido, T., Takizawa, M.: A read-write abortion (RWA) protocol to prevent illegal information flow in role-based access control systems. Int. J. Space-Based Situated Comput. 6(1), 43–53 (2016)CrossRefGoogle Scholar
  10. 10.
    Nakamura, S., Duolikun, D., Takizawa, M.: Read-abortion (RA) based synchronization protocols to prevent illegal information flow. J. Comput. Syst. Sci. 81(8), 1441–1451 (2015)MathSciNetCrossRefGoogle Scholar
  11. 11.
    Wang, M., Wang, J., Guo, K.: Extensible markup language keywords search based on security access control. Int. J. Grid Util. Comput. 9(1), 43–50 (2018)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Shohei Hayashi
    • 1
    Email author
  • Shigenari Nakamura
    • 1
  • Dilawaer Duolikun
    • 1
  • Tomoya Enokido
    • 2
  • Makoto Takizawa
    • 1
  1. 1.Hosei UniversityTokyoJapan
  2. 2.Rissho UniversityTokyoJapan

Personalised recommendations