Abstract
In the role-based access control (RBAC) model, authorized access requests are specified in roles. However, illegal information flow might occur as the well known confinement problem. We first define legal, independent, illegal, and possibly illegal types of information flow relations, R 1 \(\Rightarrow\) R 2, R 1 || R 2, R 1 \(\hookrightarrow\) R 2, and R 1 → R 2 among role families R 1 and R 2, respectively. Suppose a transaction T 1 with a role family R 1 precedes T 2 with R 2 in a schedule, i.e. for every pair of conflicting methods op 1 and op 2 from T 1 and T 2, respectively, op 1 is performed prior to op 2. Here, if R 1 \(\Rightarrow\) R 2 or R 1 || R 2 hold, no illegal information flow occur. Otherwise, illegal information flow might occur. Hence, T 2 cannot be performed. In this paper, we discuss the locking protocol for synchronizing conflicting transactions so that no illegal information flow occur based on the information flow relations. In addition, we discuss when the role-based locks are released.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Bernstein, P.A., Hadzilacos, V., Goodman, N.: Concurrency Control and Recovery in Database Systems. Addison-Wesley, Reading (1987)
Bertino, E., Samarati, P., Jaodia, S.: High Assurance Discretionary Access Control in Object Bases. In: Proc. of the 1st ACM Conf. on Computers and Communication Security, pp. 140–150 (1993)
Chon, R., Enokido, T., Takizawa, M.: Inter-Role Information Flow in Object-based Systems. In: Proc. of IEEE 18th International Conf. on Advanced Information Networking and Applications (AINA 2004) (to appear, 2004)
Denning, D.E.: A Lattice Model of Secure Information Flow. Communications of the ACM 19(5), 236–343 (1976)
Enokido, T., Takizawa, M.: Concurrency Control Based-on Significancy on Roles. In: Proc. of the IEEE 11th International Conference on Parallel and Distributed Systems (ICPADS 2005), pp. 196–202 (2005)
Enokido, T., Takizawa, M.: Role-Based Concurrency Control for Distributed Systems. In: Proc. of the IEEE 20th International Conference on Advanced Information Networking and Applications (AINA 2006), pp. 407–412 (2006)
Enokido, T., Takizawa, M.: Concurrency Control using Subject- and Purpose-Oriented (SPO) View. In: Proc. of the 2nd International Conference on Availability, Reliability and Security (ARES 2007), pp. 454–461 (2007)
Eswaran, K.P., Gray, J.N., Lorie, R.A., Traiger, I.L.: The Notions of Consistency and Predicate Locks in a Database System. Communications of the ACM 19(19), 624–633 (2007)
Ferraiolo, D., Kuhn, R.: Role-Based Access Controls. In: Proc. of 15th NIST-NCSC National Computer Security Conf., pp. 554–563 (1992)
Ferraiolo, D.F., Kuhn, D.R., Chandramouli, R.: Role Based Access Control. Artech House (2005)
Gray, J.: Notes on Database Operating Systems. LNCS, vol. (60), pp. 393–481 (1978)
Izaki, K., Tanaka, K., Takizawa, M.: Information Flow Control in Role-Based Model for Distributed Objects. In: Proc. of IEEE International Conf. on Parallel and Distributed Systems (ICPADS 2001), pp. 363–370 (2001)
Oracle Corporation. Oracle8i Concepts Vol. 1, Release 8.1.5 (1999)
Sandhu, R.S.: Lattice-Based Access Control Models. IEEE Computer 26(11), 9–19 (1993)
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-Based Access Control Models. IEEE Computer 29(2), 38–47 (1996)
Sybase. Sybase SQL Server, http://www.sybase.com/
Tari, Z., Chan, S.W.: A Role-Based Access Control for Intranet Security. IEEE Internet Computing 1, 24–34 (1997)
Watanabe, K., Sugiyama, Y., Enokido, T., Takizawa, M.: Moderate Concurrency Control in Distributed Object Systems. Journal of Interconnection Networks (JOIN) 5(3), 233–247 (2004)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Enokido, T., Takizawa, M. (2008). Preventing Illegal Information Flow Based on Role-Based Access Control Model. In: Takizawa, M., Barolli, L., Enokido, T. (eds) Network-Based Information Systems. NBiS 2008. Lecture Notes in Computer Science, vol 5186. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85693-1_26
Download citation
DOI: https://doi.org/10.1007/978-3-540-85693-1_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85692-4
Online ISBN: 978-3-540-85693-1
eBook Packages: Computer ScienceComputer Science (R0)