Multi-level Access Control, Directed Graphs and Partial Orders in Flow Control for Data Secrecy and Privacy

  • Conference paper
  • Foundations and Practice of Security (FPS 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10723)

Abstract

We present the view that the method of multi-level access control, often considered confined to the theory of mandatory access control, is in fact necessary for data secrecy (i.e. confidentiality) and privacy. This is a consequence of a result in directed graph theory showing that there is a partial order of components in any data flow graph. Then, given the data flow graph of any access control system, it is in principle possible to determine which multi-level access control system it implements. On the other hand, given any desired data flow graph, it is possible to assign subjects and data objects to its different levels and thus implement a multi-level access control system for secrecy and privacy. As a consequence, we propose that the well-established lattice model of secure information flow be replaced by a model based on partial orders of components. Applications to Internet of Things and Cloud contexts are briefly mentioned.
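The following is an added example, not code from the paper or its author, illustrating the construction the abstract relies on. It reads "partial order of components" as the standard strongly-connected-component (SCC) condensation of a digraph: nodes that can reach each other are collapsed into one component (they necessarily share a level, since data flows both ways between them), and reachability between the resulting components is a partial order that can be read as the level ordering of a multi-level policy. The `FlowOrder` class, the `classify` verdicts (`allowed`, `merges_levels`, `new_channel`) and the IoT-style sample graph are all assumptions constructed for this example; the SCC routine is Tarjan's algorithm.

```python
"""Derive the multi-level structure implied by a data flow graph (added example).

An edge (u, v) means data may flow from u to v.  Every node in a strongly
connected component can reach every other, so the whole component must sit at
one level.  The condensation of the graph is acyclic, and reachability on it
is a partial order: level(u) <= level(v) exactly when v is reachable from u.
"""
from collections import defaultdict
from typing import Any, Dict, FrozenSet, Iterable, List, Set, Tuple

Node = Any
Edge = Tuple[Node, Node]  # (source, destination)


def strongly_connected_components(edges: Iterable[Edge], nodes: Iterable[Node] = ()) -> List[FrozenSet[Node]]:
    """Tarjan's algorithm.  Components are emitted in reverse topological order
    of the condensation: a component appears only after every component it reaches."""
    succ: Dict[Node, List[Node]] = defaultdict(list)
    all_nodes: List[Node] = list(nodes)
    for u, v in edges:
        succ[u].append(v)
        all_nodes.extend((u, v))
    index: Dict[Node, int] = {}
    low: Dict[Node, int] = {}
    stack: List[Node] = []
    on_stack: Set[Node] = set()
    comps: List[FrozenSet[Node]] = []
    counter = 0

    def visit(v: Node) -> None:
        nonlocal counter
        index[v] = low[v] = counter
        counter += 1
        stack.append(v)
        on_stack.add(v)
        for w in succ[v]:
            if w not in index:
                visit(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:  # v is the root of a component: pop it off the stack
            comp = set()
            while True:
                w = stack.pop()
                on_stack.discard(w)
                comp.add(w)
                if w == v:
                    break
            comps.append(frozenset(comp))

    for v in all_nodes:
        if v not in index:
            visit(v)
    return comps


class FlowOrder:
    """Partial order of components (levels) derived from a data flow graph."""

    def __init__(self, edges: Iterable[Edge], nodes: Iterable[Node] = ()):
        self.edges = list(edges)
        # Reverse Tarjan's output so that data flows from lower to higher index.
        self.levels: List[FrozenSet[Node]] = strongly_connected_components(self.edges, nodes)[::-1]
        self.level_of: Dict[Node, int] = {n: i for i, c in enumerate(self.levels) for n in c}
        csucc: Dict[int, Set[int]] = defaultdict(set)
        for u, v in self.edges:
            a, b = self.level_of[u], self.level_of[v]
            if a != b:
                csucc[a].add(b)
        # Reachability closure on the (acyclic) condensation, memoised per level.
        self.reach: Dict[int, Set[int]] = {}

        def closure(i: int) -> Set[int]:
            if i not in self.reach:
                r = {i}
                for j in csucc[i]:
                    r |= closure(j)
                self.reach[i] = r
            return self.reach[i]

        for i in range(len(self.levels)):
            closure(i)

    def allows(self, src: Node, dst: Node) -> bool:
        """True iff level(src) <= level(dst), i.e. the graph already lets src's data reach dst."""
        return self.level_of[dst] in self.reach[self.level_of[src]]

    def classify(self, src: Node, dst: Node) -> str:
        """Verdict for a proposed new flow src -> dst against the derived levels:
        'allowed'       already implied by the partial order;
        'merges_levels' would create a cycle, collapsing dst's level into src's
                        (data from the higher level leaks back down);
        'new_channel'   links two incomparable levels and must be reviewed."""
        if src not in self.level_of or dst not in self.level_of:
            return "unknown_node"
        if self.allows(src, dst):
            return "allowed"
        if self.allows(dst, src):
            return "merges_levels"
        return "new_channel"

    def level_labels(self) -> List[str]:
        return [", ".join(sorted(map(str, c))) for c in self.levels]


# Constructed sample flow graph (not from the paper): an IoT pipeline feeding a report.
SAMPLE_FLOWS: List[Edge] = [
    ("sensor", "gateway"),
    ("gateway", "cloud_store"),
    ("cloud_store", "analytics"),
    ("analytics", "cloud_store"),  # two-way flow: cloud_store and analytics share a level
    ("analytics", "report"),
    ("public_feed", "report"),
]


def audit(proposed: Iterable[Edge], edges: Iterable[Edge] = SAMPLE_FLOWS) -> Dict[Edge, str]:
    """Classify each proposed flow against the levels implied by the existing graph."""
    order = FlowOrder(edges)
    return {e: order.classify(*e) for e in proposed}


if __name__ == "__main__":
    order = FlowOrder(SAMPLE_FLOWS)
    for i, label in enumerate(order.level_labels()):
        print(f"level {i}: {label}")
    for e, verdict in audit([("sensor", "analytics"), ("report", "gateway"), ("public_feed", "gateway")]).items():
        print(f"{e[0]} -> {e[1]}: {verdict}")
```

On the sample, `sensor`, `gateway`, `{cloud_store, analytics}` and `report` form a chain of increasing levels while `public_feed` is comparable only with `report`; a proposed flow from `report` back to `gateway` is flagged because it would merge those levels, which is exactly the downward flow a multi-level policy exists to forbid.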

Acknowledgment

This work was partially supported by a grant of the Natural Sciences and Engineering Research Council of Canada. The author is indebted to Sofiene Boulares and Abdelouadoud Stambouli for many useful discussions, and to Guy-Vincent Jourdan for useful comments on the draft copy.

Author information

Corresponding author: Luigi Logrippo.

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Cite this paper

Logrippo, L. (2018). Multi-level Access Control, Directed Graphs and Partial Orders in Flow Control for Data Secrecy and Privacy. In: Imine, A., Fernandez, J., Marion, JY., Logrippo, L., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2017. Lecture Notes in Computer Science(), vol 10723. Springer, Cham. https://doi.org/10.1007/978-3-319-75650-9_8

  • DOI: https://doi.org/10.1007/978-3-319-75650-9_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-75649-3

  • Online ISBN: 978-3-319-75650-9

  • eBook Packages: Computer Science (R0)