An Integrated Model for Access Control and Information Flow Requirements

  • Samiha Ayed
  • Nora Cuppens-Boulahia
  • Frédéric Cuppens
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4846)


Current information systems are more and more complex. They require more interactions between different components and users. So, ensuring system security must not be limited to using an access control model but also, it is primordial to deal with information flows in a system. Thus, an important function of a security policy is to enforce access to different system elements and supervise information flows simultaneously. Several works have been undertaken to join together models of access control and information flow. Unfortunately, beyond the fact that the reference model they use is BLP which is quite rigid, these research works suggest a non integrated models which do nothing but juxtapose access control and information flow controls or are based on a misuse of a mapping between MLS and RBAC models. In this paper, we suggest to formalize DTE model in order to use it as a solution for a flexible information flow control. Then, we integrate it into an unique access control model expressive enough to handle access and flow control security rules. The expressivity of the OrBAC model makes this integration possible and quite natural.


DTE OrBAC MLS RBAC Security Policy 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Sandhu, R.S.: Lattice-Based Access Control Models. IEEE Computer 26(11), 9–19 (1993)Google Scholar
  2. 2.
    Nyanchama, M., Osborn, S.: Information Flow Analysis in Role-Based Security Systems. In: Proc. ICCI 1994. International Conference on Computing and Information, pp. 1368–1384 (1994)Google Scholar
  3. 3.
    Nyanchama, M., Osborn, S.: Modeling Mandatory Access Control in Role-Based Security Systems. In: IFIP Workshop on Database Security (1996)Google Scholar
  4. 4.
    Sandhu, R.: Role Hierarchies and Constraints for Lattice-Based Access Controls. In: Proc. Fourth European Symposium on Research in Computer Security, Rome, Italy (1996)Google Scholar
  5. 5.
    Osborn, S.: Mandatory Access Control and Role-Based Access Control Revisited. In: Proceedings of the second ACM workshop on Role-based access control, Fairfax, Virginia, United States, pp. 31–40 (1997)Google Scholar
  6. 6.
    Kuhn, D.R.: Role Based Access control on MLS Systems without Kernel changes. In: Proceedings of the third ACM Workshop on Role-Based Access Control, Fairfax, Virginia, United States, pp. 25–32 (1998)Google Scholar
  7. 7.
    Osborn, S., Sandhu, R., Munawer, Q.: Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access control Policies. ACM Transactions on Information and System Security 3(2), 85–106 (2000)CrossRefGoogle Scholar
  8. 8.
    Demurjian, S.: Implementation of Mandatory Access control in Role-Based Security System. CSE367 Final Project report (2001)Google Scholar
  9. 9.
    Myers, A.C., Sabelfeld, A., Zdancewic, S.: Enforcing robust declassification. In: Proc. IEEE Computer Security Foundations Workshop, pp. 172–186 (June 2004)Google Scholar
  10. 10.
    Sandhu, R., Munawer, Q.: How to do discretionary access control using roles. In: Proc. of the 3rd ACM Workshop on Role Based Access Control (RBAC 1998), Fairfax, VA, USA (1998)Google Scholar
  11. 11.
    Atluri, V., Huang, W.-K.: Enforcing Mandatory and Discretionary security in Workflow Management Systems. Journal of Computer Security 5(4), 303–339 (1997)Google Scholar
  12. 12.
    Atluri, V., Huang, W.-K., Bertino, E.: A semantic Based Execution Model for Multilevel Secure Workflows. Journal of Computer Security 8(1) (2000)Google Scholar
  13. 13.
    Liu, L.: On secure Flow Analysis in Computer systems. In: Proc. IEEE Symposium on Research in Security and Privacy, pp. 22–33 (1980)Google Scholar
  14. 14.
    Millen, J.K.: Information Flow Analysis of Formal Specifications. In: Proc. IEEE Symposium on Research in Security and Privacy, pp. 3–8 (1981)Google Scholar
  15. 15.
    Badger, L., Sterne, D.F., Sherman, D.L., Walker, K.M., Haghighat, S.A.: Practical Domain and Type Enforcement for Unix. In: IEEE Symposium on Security and Privacy, Oakland, CA, USA (1995)Google Scholar
  16. 16.
    Tidswell, J., Potter, J.: Domain and Type Enforcement in a μ-Kemel. In: Proceedings of the 20th Australasian Computer Science Conference, Sydney, Australia (1997)Google Scholar
  17. 17.
    Kiszka, J., Wagner, B.: Domain and Type Enforcement for Real-Time Operating Systems. In: Proceedings ETFA 2003, Emerging Technologies and Factory Automation (2003)Google Scholar
  18. 18.
    Abou El Kalam, A., El Baida, R., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., Miége, A., Saurel, C., Trouessin, G.: Organization Based Access Control. In: IEEE 4th International Workshop on Policies for Distributed Systems and Networks, Lake Come, Italy (2003)Google Scholar
  19. 19.
    Cuppens, F., Cuppens-Boulahia, N., Sans, T., Miége, A.: A formal approach to specify and deploy a network security policy. In: Second Workshop on Formal Aspects in Security and Trust (FAST), Toulouse, France (2004)Google Scholar
  20. 20.
    Cuppens, F., Cuppens-Boulahia, N., Miége, A.: Inheritance hierarchies in the Or-BAC model and application in a network environment. In: Second Foundations of Computer Security Workshop (FCS 2004), Turku, Finlande (2004)Google Scholar
  21. 21.
    Cuppens, F., Miége, A.: Modelling contexts in the Or-BAC model. In: 19th Annual Computer Security Applications Conference, Las Vegas (2003)Google Scholar
  22. 22.
    Boebert, W.E., Kain, R.Y.: A further Note on the Confinment Problem. In: Proceedings of the IEEE 1996 International Carnahan Conference on Security Technology, IEEE Computer Society, New York (1996)Google Scholar
  23. 23.
    Boebert, W.E., Kain, R.Y., Young, W.D.: The extended Access Matrix Model of Computer Security. ACM Sigsoft Software Engineering Notes 10(4) (1985)Google Scholar
  24. 24.
    Hallyn, S., Kearns, P.: Tools to Administer Domain and Type Enforcement. LISA XV. San Diego, CA (2001)Google Scholar
  25. 25.
    Oostendorp, K.A., Badger, L., Vance, C.D., Morrison, W.G., Petkac, M.J., Sherman, D.L., Sterne, D.F.: Domain and Type Enforcement Firewalls. In: Proceedings of the Thirteenth Annual Computer Security Applications Conference, San Diego, California, pp. 122–132 (1997)Google Scholar
  26. 26.
    Walker, K.M., Sterne, D.F., Lee Badger, M., Petkac, M.J., Shermann, D.L., Oostendorp, K.A.: Confining Root Programs with Domain and Type Enforcement (DTE). In: Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography, San Jose, California, vol. 6 (1996)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Samiha Ayed
    • 1
  • Nora Cuppens-Boulahia
    • 1
  • Frédéric Cuppens
    • 1
  1. 1.ENST-Bretagne, Cesson Sevigne 35576France

Personalised recommendations