Role-Based Scheduling and Synchronization Algorithms to Prevent Illegal Information Flow

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNISA, volume 4658)

Abstract

Information systems have to be consistent and secure in the presence of multiple conflicting transactions. The role-based access control model is widely used to keep information systems secure. Here, a role is a set of access rights, i.e. permissions. A subject is granted a family of roles, i.e. one or more roles. A subject s is allowed to issue a method op to an object o only if an access right \(\langle{o, op}\rangle\) is included in the roles granted to the subject s. In access control models, even if every access request satisfies the access rules, illegal information flow might still occur; this is the well-known confinement problem. In this paper, we define a legal information flow relation (\(R_1 \Rightarrow R_2\)) between a pair of role families \(R_1\) and \(R_2\). This means that no illegal information flow occurs if a transaction \(T_1\) with a role family \(R_1\) is performed prior to another transaction \(T_2\) with \(R_2\). In addition, we define which role families are more significant than others in terms of the types of methods and the security classes of objects. Conflicting methods from different transactions are totally ordered by the significancy of the roles of the transactions. We discuss how to synchronize transactions so as to prevent illegal information flow and how to serialize conflicting methods from multiple transactions in terms of the significancy and the information flow relation of role families.

Editor information

Tomoya Enokido, Leonard Barolli, Makoto Takizawa

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Enokido, T., Barolli, V., Takizawa, M. (2007). Role-Based Scheduling and Synchronization Algorithms to Prevent Illegal Information Flow. In: Enokido, T., Barolli, L., Takizawa, M. (eds) Network-Based Information Systems. NBiS 2007. Lecture Notes in Computer Science, vol 4658. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74573-0_25

  • DOI: https://doi.org/10.1007/978-3-540-74573-0_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74572-3

  • Online ISBN: 978-3-540-74573-0

  • eBook Packages: Computer Science, Computer Science (R0)