A FLEXIBLE READ-WRITE ABORTION PROTOCOL TO PREVENT ILLEGAL INFORMATION FLOW AMONG OBJECTS
Keywords:
Illegal write, Suspicious read, Impossible write, Meaningless read, Lost read, Information flow control, Flexible read-write-abortion (FRWA) protocols
Abstract
In information systems, types of objects such as multimedia objects are manipulated in various applications such as mobile systems. Here, information in one object may flow to another object. Suppose a transaction reads data in an object o1 and then writes data to another object o2. If a transaction reads the data in the object o2, the transaction can read data in the object o1 even if the transaction is not granted a read access right on the object o1. Here, the transaction illegally reads data in the object o2, and information in the object o1 might illegally flow to the object o2. A transaction illegally writes data to an object after illegally reading data in some object. In addition, we consider a suspicious object whose data is not allowed to flow to another object. A transaction suspiciously reads data in a suspicious object. A transaction impossibly writes data to an object after reading the data in a suspicious object. Write-abortion (WA) and read-write-abortion (RWA) protocols to prevent illegal information flow have already been proposed in our previous studies. In the WA protocol, a transaction is aborted once it issues an illegal or impossible write operation to an object. Read operations are meaninglessly performed, since the read operations are undone due to the abortion of the transaction. In the RWA protocol, a transaction is aborted once it issues an illegal read or impossible write operation to an object. Here, read operations to be performed after an illegal read operation are lost, since a transaction is aborted as soon as it issues an illegal read operation. In this paper, we newly propose a flexible read-write-abortion (FRWA) protocol to reduce the number of meaningless and lost read operations. Here, a transaction is aborted with some probability if the transaction illegally reads data in an object. We evaluate the FRWA protocols compared with the WA and RWA protocols.
We show that the execution time of each transaction in the FRWA protocols is shorter than in the WA protocols and that more read operations can be performed in the RWA protocols.
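The abort rules described in the abstract can be compared on a single transaction with the following added example, which is not code from the paper. It assumes that FRWA, like WA, still aborts on an illegal or impossible write, that the abort probability is a constant `p_abort`, and that a write back to the suspicious object itself is not an impossible write; the function name, data layout and read counters are this example's own.

```python
import random

def run(ops, rights, flows, suspicious, protocol, p_abort=0.5, rng=None):
    """Run one transaction under 'WA', 'RWA' or 'FRWA'.
    ops:        list of ("r" | "w", object) issued in order
    rights:     objects the transaction is granted a read right on
    flows:      object -> set of objects whose data already flowed into it
    suspicious: objects whose data must not flow to another object
    Returns the outcome with the reads undone (meaningless) and the reads
    never performed (lost) because of an abort."""
    rng = rng or random.Random(0)
    tainted = False       # an illegal read has been performed
    susp_read = set()     # suspicious objects read so far
    performed = 0         # reads performed so far

    def abort(i):
        lost = sum(1 for kind, _ in ops[i + 1:] if kind == "r")
        return {"outcome": "abort", "meaningless": performed, "lost": lost}

    for i, (kind, obj) in enumerate(ops):
        if kind == "r":
            # Illegal read: obj holds data of an object this transaction
            # has no read right on.
            illegal = not flows.get(obj, set()) <= rights
            if illegal and (protocol == "RWA" or
                            (protocol == "FRWA" and rng.random() < p_abort)):
                return abort(i)
            tainted |= illegal
            if obj in suspicious:
                susp_read.add(obj)
            performed += 1
        elif tainted or susp_read - {obj}:
            # Illegal write (after an illegal read) or impossible write
            # (after a suspicious read): aborts under every protocol here.
            return abort(i)
    return {"outcome": "commit", "meaningless": 0, "lost": 0}

# Constructed scenario: data of o1 has already flowed into o2, and the
# transaction may read o2, o3, o4 and s but not o1.
RIGHTS = {"o2", "o3", "o4", "s"}
FLOWS = {"o2": {"o1"}}
SUSPICIOUS = {"s"}
OPS = [("r", "o3"), ("r", "o2"), ("r", "o4"), ("w", "o3")]

if __name__ == "__main__":
    for proto in ("WA", "RWA", "FRWA"):
        print(proto, run(OPS, RIGHTS, FLOWS, SUSPICIOUS, proto))
```

With `p_abort=0.0` the FRWA run matches WA and with `p_abort=1.0` it matches RWA, so the parameter moves a transaction between undoing reads that were performed and never performing the later ones.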