Abstract
We introduce a Colored Petri Net model for simulating and verifying information flow in distributed object systems. Access control is specified as prescribed by the OMG CORBA security specification. An insecure flow arises when information is transferred from one object to another in violation of the applied security policy. We provide precise definitions, which determine how discretionary access control is related to the secure or insecure transfer of information between objects. The model can be queried regarding the detected information flow paths and their dependencies. This is a valuable means for the design of multilevel mandatory access control that addresses the problem of enforcing object classification constraints to prevent undesirable leakage and inference of sensitive information.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Katsaros, P. (2005). On the Design of Access Control to Prevent Sensitive Information Leakage in Distributed Object Systems: A Colored Petri Net Based Model. In: Meersman, R., Tari, Z. (eds) On the Move to Meaningful Internet Systems 2005: CoopIS, DOA, and ODBASE. OTM 2005. Lecture Notes in Computer Science, vol 3761. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11575801_2
DOI: https://doi.org/10.1007/11575801_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29738-3
Online ISBN: 978-3-540-32120-0
eBook Packages: Computer Science, Computer Science (R0)