Skip to main content
SpringerLink
Log in

Flow Based Interpretation of Access Control: Detection of Illegal Information Flows

  • Conference paper
Information Systems Security (ICISS 2011)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7093))

Included in the following conference series:

Abstract

In this paper, we introduce a formal property characterizing access control policies for which the interpretations of access control as mechanism over objects and as mechanism over information contained into objects are similar. This leads us to define both a flow based interpretation of access control policies and the information flows generated during the executions of a system implementing an access control mechanism. When these two interpretations are not equivalent, we propose to add a mechanism dedicated to illegal information flow detection to the mechanism of access control over objects. Such a mechanism is parameterized by the access control policy and is proved sound and complete. Finally, we briefly describe two real implementations, at two levels of granularity, of our illegal flow detection mechanism: one for the Linux operating system and one for the Java Virtual Machine. We show that the whole approach is effective in detecting real life computer attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bell, D., LaPadula, L.: Secure Computer Systems: a Mathematical Model. Technical Report MTR-2547 (Vol. II), MITRE Corp., Bedford, MA (May 1973)

    Google Scholar 

  2. Brewer, D.F.C., Nash, M.J.: The chinese wall security policy. In: Proc. IEEE Symposium on Security and Privacy, pp. 206–214 (1989)

    Google Scholar 

  3. Denning, D.E.: A lattice model of secure information flow. Commun. ACM 19(5), 236–243 (1976)

    Article  MathSciNet  MATH  Google Scholar 

  4. Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Communications of the ACM 20(7), 504–513 (1977)

    Article  MATH  Google Scholar 

  5. Ferraiolo, D.F., Kuhn, D.R.: Role-based access control. In: Proceedings of the 15th National Computer Security Conference (1992)

    Google Scholar 

  6. Geller, S., Hauser, C., Tronel, F., Viet Triem Tong, V.: Information flow control for intrusion detection derived from mac policy. In: IEEE International Conference on Communications, ICC 2011 (2011)

    Google Scholar 

  7. Harrison, M., Ruzzo, W., Ullman, J.: Protection in operating systems. Communications of the ACM 19, 461–471 (1976)

    Article  MathSciNet  MATH  Google Scholar 

  8. Hiet, G., Viet Triem Tong, V., Mé, L., Morin, B.: Policy-based intrusion detection in web applications by monitoring java information flows. In: 3nd International Conference on Risks and Security of Internet and Systems, CRiSIS 2008 (2008)

    Google Scholar 

  9. Jaume, M.: Security Rules versus Security Properties. In: Jha, S., Mathuria, A. (eds.) ICISS 2010. LNCS, vol. 6503, pp. 231–245. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  10. Ko, C., Redmond, T.: Noninterference and intrusion detection. In: IEEE Symposium on Security and Privacy, pp. 177–187 (2002)

    Google Scholar 

  11. Myers, A.C.: Jflow: Practical mostly-static information flow control. In: Proceedings of the 26th ACM on Principles of Programming Languages (1999)

    Google Scholar 

  12. Myers, A.C., Liskov, B.: Complete safe information flow with decentralized labels. In: IEEE Symposium on Security and Privacy (1998)

    Google Scholar 

  13. Myers, A.C., Liskov, B.: A decentralized model for information flow control. SIGOPS Oper. Syst. Rev. 31(5), 129–142 (1997)

    Article  Google Scholar 

  14. Osborn, S.L.: Information flow analysis of an RBAC system. In: 7th ACM Symposium on Access Control Models and Technologies SACMAT, pp. 163–168 (2002)

    Google Scholar 

  15. Sandhu, R.S.: Lattice-Based Access Control Models. IEEE Computer 26(11), 9–19 (1993)

    Article  Google Scholar 

  16. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer 29(2), 38–47 (1996)

    Article  Google Scholar 

  17. Schneider, F.B.: Enforceable security policies. Information and System Security 3(1), 30–50 (2000)

    Article  Google Scholar 

  18. Viet Triem Tong, V., Clark, A., Mé, L.: Specifying and enforcing a fined-grained information flow policy: Model and experiments. Journal of Wireless Mobile Networks, Ubiquitous Computing and Dependable Applications, JOWUA (2010)

    Google Scholar 

  19. Zimmermann, J., Mé, L., Bidan, C.: An Improved Reference Flow Control Model for Policy-Based Intrusion Detection. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 291–308. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University Pierre & Marie Curie, LIP6, Paris, France

    Mathieu Jaume

  2. SUPELEC, SSIR Group (EA 4039), Rennes, France

    Valérie Viet Triem Tong & Ludovic Mé

Authors
  1. Mathieu Jaume
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Valérie Viet Triem Tong
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ludovic Mé
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Center for Secure Information Systems, George Mason University, 4400 University Drive, 22030-4422, Fairfax, VA, USA

    Sushil Jajodia

  2. Center for Distributed Computing, Jadavpur University, 7000032, Kolkata, India

    Chandan Mazumdar

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jaume, M., Viet Triem Tong, V., Mé, L. (2011). Flow Based Interpretation of Access Control: Detection of Illegal Information Flows. In: Jajodia, S., Mazumdar, C. (eds) Information Systems Security. ICISS 2011. Lecture Notes in Computer Science, vol 7093. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25560-1_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-25560-1_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-25559-5

  • Online ISBN: 978-3-642-25560-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation