Information Flow Control in Object-Oriented Systems
July-August 1997 (vol. 9 no. 4)
pp. 524-538

Abstract—In this paper, we describe a high assurance discretionary access control model for object-oriented systems. The model not only ensures protection against Trojan horses leaking information, but provides the flexibility of discretionary access control at the same time. The basic idea of our approach is to check all information flows among objects in the system in order to block possible illegal flows. An illegal flow arises when information is transmitted from one object to another object in violation of the security policy. The interaction modes among objects are taken into account in determining illegal flows. We consider three different interaction modes that are standard interaction modes found in the open distributed processing models. The paper presents formal definitions and proof of correctness of our flow control algorithm.

Index Terms:
Object-oriented databases and systems, security, discretionary access control, mandatory access control, Trojan horse, distributed processing.
Pierangela Samarati, Elisa Bertino, Alessandro Ciampichetti, Sushil Jajodia, "Information Flow Control in Object-Oriented Systems," IEEE Transactions on Knowledge and Data Engineering, vol. 9, no. 4, pp. 524-538, July-Aug. 1997, doi:10.1109/69.617048