Information Flow Control with Decentralized Labeling Model in Information Security

  • Veli Hakkoymaz Yildiz Technical University, Computer Engineering Department, Istanbul, Turkey
  • Cigdem Bakir Yildiz Technical University, Computer Engineering Department, Istanbul, Turkey https://orcid.org/0000-0001-8482-2412
Keywords: Label model, data confidentiality, path compression, distributed databases, data privacy

Abstract

Data security aims to prevent the use, modification, and spread of data by unauthorized people. In this study, our purpose was to provide data privacy and confidentiality with information flow control in distributed databases. In particular, a decentralized label model was developed that maintained confidentiality, including privacy, with data flow control. This model consists of an actor, an object, and a label. The owners of the objects are actors, and they need to share their data objects with others. Actors label the data objects and then send them out. A label contains the policy statements of data security issued by each of the owners. Each owner sets its own security and privacy policy independently of the other owners. The confidentiality of data in unsecured transport channels is ensured for all the actors in the system by means of labels while the data are in flow. Data objects are spread and shared securely among actors within unsecured environments. In addition, with the path compression, the long node chain that is formed while the data objects are passing between the source node and the destination is broken, so that the objects are retrieved fast, and the cost of access is reduced. This result was shown experimentally by modeling the distributed environment.

Downloads

Download data is not yet available.

Author Biographies

Veli Hakkoymaz, Yildiz Technical University, Computer Engineering Department, Istanbul, Turkey

Veli Hakkoymaz received B.S. degrees in computer engineering from Hacettepe University, in 1987 and M.S.degree in Computer Science from University of Pittsburgh (PA), In 1992, Ph.D.degree in CWRU (OH) in 1997. In 2011, he received the title of Associate Professor at Yildiz Technical University. He works Yildiz Technical University as Associate Professor since 2011. His research interests include database management systems, computer architecture, operating systems and distributed systems.

Cigdem Bakir, Yildiz Technical University, Computer Engineering Department, Istanbul, Turkey

Cigdem Bakir is a Ph.D. student at the University of Yildiz Technical University since 2014. She received B.S. degrees in computer engineering from the University of Sakarya, in 2010 and the M.S. degree in computer engineering from Yildiz Technical University, İstanbul, in 2014. She worked a Research Assistant at Yildiz Technical University and Igdir University. She works Erzincan Binali Yildirim University since 2020. Bakir is currently completing a doctorate in Computer Science at the University of Yildiz Technical at Istanbul. Her Ph.D. research interests include information security, distributed database, and computer networks.

References

Lin, J.; Yu, W.; Zhang, N. A survey on Internet of Things: Architecture, Enabling Technologies, Security and Privacy and Applications, IEEE Internet of Things, 2017, 4, 5, pp. 1125-1142.

Mercuri, R. T. The HIPAA-Potamus in Health Care Data Security, Communications of the ACM Security Watch, 2004, 47, 2, pp. 25-28.

Dağdeviren, M.; Dönemez , N. Developing a new model for Supplier Evaluation Process for a company and its Applications, Journal of Faculty of Engineering and Architecture of Gazi University, 2006, 21, 2, pp. 247-255.

Sultana, T.; Almogren, A. Data Sharing System Integrating Access Control Mechanism using Blochchain-Based Smart Cantracts for IoT Devices, MDPI Applied Sciences, 2020,10, 2, pp.488-509.

Vural, Y.; Sağıroğlu, Ş. A review on Enterprise Information Security and Standards, Journal of the Faculty of Engineering and Architecture of Gazi University, 2008, 23, 2, pp. 507-522.

Amo, D.; Alien, M. Protected Users: A Moodle Plugin to Improve Confidentiality and Privacyy Support through User Aliases, MDPI Sustainability Opportunities and Challenges for the Future of Open Education, 2020, 12, 6, pp. 2548-2564.

Bogaert, K. Confidentiality and Privacy: What is the difference?, South African Family Practice, 2009, l 51, 3, pp. 194-195.

Vimercati, S.; Foresti, S.; Livraga, G. Privacy in Pervasive Systems: Social and Legal Aspects and Technical Solutions, Data Management in Pervasive Systems, 43-65, 2015.

Papadimitriou, P.; .Garcia-Molina, H. Data Leakage Detection, IEEE Transactions on Knowledge and Data Engineering, 2020, 23, 1, pp.51-63.

Faria, P.L.; Cordeiro, J.V. Health data privacy and confidentility rights: Crisis or redemption?, Springer Revista Portuguesa de Saute Publica, 2014, 32, 2, pp.123-133.

Clifton, C.W. Privacy Beyond Confidentiality, In Procedings of the ACM SIGSAC Conference and Communications Security (CCS’14), pp.1156-1156, 2014.

Hurrah, N.; Parah, S. ecure data transmission framework for confidentiality in IoT”, Elsevier Ad Hoc Networks, 2019, 95, 101989.

Al-Jarabi, S.; Al-Shourbaji, M.S. Survey of main challenges (security and privacy) in wireless body area networks for healtcare applications, Egyptia Informatics Journal, 2017, 18, pp. 113-122.

Esfandiari, H.; Hajigohayi, M. Streaming Algorithms for Estimating the Matching Size in Planar Graphs and Beyond, ACM Transactions on Algorithms, 2018, 14.

Liu, J.; George, M. D. Fabric: A Platform for Secure Distributed Computation and Storage, ACM Symposium on Operating Systems Principles and Implementation (SOSP), pp.321-334, 2009.

Clifton, W. Privacy Beyond Confidentiality, In Procedings of the ACM SIGSAC Conference and Communications Security (CCS’14), 2014, pp.1156-1156.

Al-Jarabi, S.; Al-Shourbaji, M.S. Survey of main challenges (security and privacy) in wireless body area networks for healtcare applications, Egyptia Informatics Journal, 2017, 18, pp. 113-122.

Gupta, B.B.; Shingo, Y. Advances in Security and Privacy of Multimedia Big Data in Mobile and Cloud Computing, Multimedia Tools and Applications, 2018, 77, 7, pp. 9203-9208.

Vorakulpipat, C.; Sirapaisan, S. A Policy-Based Framework for Preserving Confidentiality in BYOD Environments. A review of Information Security Perspectives, Hindawi Security and Communication Networks, 2017, pp.1-11.

Liu, J.; Arden, O. Fabric:Building Open Distributed Systems Securely by Construction, Journal of Computer Security, 2017, 25, 4-5, pp. 367-426.

Garesh, N.; Troia, F. Static Analysis of Malicious Java Applets, ACM on International Workshop on Security and Privacy Analytics, Lousiana USA, pp.58-63, 2016.

Kim, N.Y.; Ryu, J.H. CF- CloudOrch:Container fog node-based cloud orchestration for IoT networks, The Journal of Supercomputing, 2018, 74, 12, 7024-7045.

Bakir, Ç.; Hakkoymaz, V. Dağıtık Veritabanında Veri Etiketleme ile Bilgi Akış Denetimi, 5.Ulusal Yüksek Başarımlı Hesaplama Konferansı, Esenler İstanbul, 1-6, 2017.

Cai, F.; Zhu, N. Survey of Access Control Models and Technologies for Cloud Computing, Springer Cluster Computing, pp.1-12, 2018.

Atlam, H.; Alassafi, M.O. XACML for Building Access Control Policies in Internet of Things, 3rd International Conference on Internet of Things, Big Data and Security, pp. 253-260, 2018.

Rana, M.; Jayabalan, M. Privacy and Security Challenges towards Cloud Based Access Control in Electronic Health Records, Asian Journal of Information Technology, 2017, 16, 2-5, pp. 274-281.

Alrumayh, A.;Lehman, S.Context aware access control for home voice assistent in multi-occupant homes, Pervasive and mobile computing, 2020.

Mistry, I.; Tanwar, S. Blockchain for 5G-enabled IoT for industrial automation: A Systematic review, solutions and challenges, Elsevier Mechanical Systems and Signal Processing, 2019, 135, 106382.

Servos, D.; Osborn, S.L. Current Research and Open Problems in Attribute-Based Access Control, ACM Computing Surveys, 49, 4, 2017.

Li, Q.; Snadhu, R. Mandatory Content Access Control for Privacy Protectionin Information Centric Networks, IEEE Transactions on Dependable and Secure Computing, 2017, 14, 5, pp. 494-506.

Viswasrao, D.;Kumar, A. Blochchain-enabled Distributed Security Framework for Next Generation IoT: An Edge- Cloud and Software Defined Network Integrated Approach, IEEE Internet of Things Journal, 2020, pp.1-8.

W.Cheng, D.R.Ports at all, “Abstractions for Usable Information Flow Control in Aeolus”, 2012 Usenix Annual Technical Conference, pp.1-13, 2012.

R.Barejee, S.Chatterjee at all, “Performance of a Discrete Wavelet Transform Based Path Merging Compression Technique for Wireless Multimedia Sensor Networks”, Wireless Personal Communications, vol.4, pp.57-71, 2019.

J.Janet, S.Balahrishnan at all, “Optimizing Data Movement within Cloud Environment using Efficient Compression Techniques”, International Conference on Information Communication and Embedded Systems, 2016.

B.Liu, X.Yu at all, “Blockchain based Data Integrity Service Framework for IoT Data”, IEEE International Conference on Web Services, 2017.

J.Cui, L.Shao at all, “Data aggregation with end-to-end Confidentiliaty and Integrity for large-scale Wireless Sensor Networks”, Peer to Peer Networking and Applications, 2018, 25, 5, pp. 1022-1037.

Vijayakumar, K.; Arun, C. Continuous security assesment of cloud based applications using distributed hashing algorithm in SDLC”, Springer Cluster Computing, 2019, 22, pp.10789-108000.

Myers, A. C.; Liskov, B. Complete, Safe Information Flow with Decentralized Labels, In Proc. IEEE Symposium on Security and Privacy, 1998.

Burow, N.; Carr, S.A. Control-Flow Integrity; Preccision, Security and Performance, ACM Computing Surveys, 50, 1, pp.1-16, 2017.

Ulaştırma Denizcilik ve Haberleşme Bakanlığı, Ulusal Siber Güvenlik Stratejisi, 2016-2019, Referans.

Rong, X.; Hui, L. Provenance-based data flow control mechanism for Internet of things, Wiley Online Library Security and Privacy, 2020, pp.1-23.

Published
2020-12-25
Section
Advancements in AI and Nature-inspired Approaches for Web Data Security