Abstract
In the access control models to make a system secure, a transaction is allowed to read and write an object like a file only if access rights on the object are granted. Suppose a transaction \(T_1\) reads data d from a file \(f_1\) and then writes the data d to another file \(f_2\). Here, another transaction \(T_2\) can get the data d by reading the file \(f_2\) even if \(T_2\) is not granted a read right on the file \(f_1\). Here, the read operation issued by the transaction \(T_2\) is illegal. In our previous studies, a condition to detect an illegal read operation is defined based on the role-based access control (RBAC) model. Here, once a transaction issues an illegal read operation, the transaction is aborted. However, even if the illegal condition is satisfied for a transaction issuing a read operation, illegal information flow may not occur. In this paper, we newly propose a modified read abortion (MRA) protocol which uses a new condition on maximal roles of role sets. In addition, we consider only maximal roles which include a read right on an object which a transaction can read. In the evaluation, we show the number of transactions aborting can be reduced.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Database management system sybase. http://infocenter.sybase.com/help/index.jsp
Date, C.J.: An Introduction to Database Systems, 8th edn. Addison-Wesley, Reading (2013)
Denning, D.E.R.: Cryptography and Data Security. Addison-Wesley, Reading (1982)
Enokido, T., Takizawa, M.: Purpose-based information flow control for cyber engineering. IEEE Trans. Ind. Electron. 58(6), 2216–2225 (2011)
Ferraiolo, D.F., Kuhn, D.R., Chandramouli, R.: Role-Based Access Controls, 2nd edn. Artech House, Norwood (2007)
Nakamura, S., Duolikun, D., Aikebaier, A., Enokido, T., Takizawa, M.: Role-based information flow control models. In: Proceedings of the IEEE the 28th International Conference on Advanced Information Networking and Applications (AINA 2014), pp. 1140–1147 (2014)
Nakamura, S., Duolikun, D., Enokido, T., Takizawa, M.: A flexible read-write abortion protocol to prevent illegal information flow among objects. J. Mob. Multimed. 11(3–4), 263–280 (2015)
Nakamura, S., Duolikun, D., Enokido, T., Takizawa, M.: A write abortion-based protocol in role-based access control systems. Int. J. Adapt. Innov. Syst. 2(2), 142–160 (2015)
Nakamura, S., Duolikun, D., Enokido, T., Takizawa, M.: A read-write abortion (RWA) protocol to prevent illegal information flow in role-based access control systems. Int. J. Space-Based Situated Comput. 6(1), 43–53 (2016)
Nakamura, S., Duolikun, D., Takizawa, M.: Read-abortion (RA) based synchronization protocols to prevent illegal information flow. J. Comput. Syst. Sci. 81(8), 1441–1451 (2015)
Wang, M., Wang, J., Guo, K.: Extensible markup language keywords search based on security access control. Int. J. Grid Util. Comput. 9(1), 43–50 (2018)
Acknowledgements
The work was supported by JSPS KAKENHI grant number 15H0295.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Hayashi, S., Nakamura, S., Duolikun, D., Enokido, T., Takizawa, M. (2019). Evaluation of a Protocol to Prevent Illegal Information Flow Based on Maximal Roles in the RBAC Model. In: Barolli, L., Xhafa, F., Khan, Z., Odhabi, H. (eds) Advances in Internet, Data and Web Technologies. EIDWT 2019. Lecture Notes on Data Engineering and Communications Technologies, vol 29. Springer, Cham. https://doi.org/10.1007/978-3-030-12839-5_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-12839-5_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12838-8
Online ISBN: 978-3-030-12839-5
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)