Enriching the Expressive Power of Security Labels
نویسندگان
چکیده
|Common security models such as Bell-LaPadula focus on the control of access to sensitive data but leave some important systems issues unspeciied, such as the implementation of read-only objects, garbage collection, and object upgrade and downgrade paths. Consequently, diier-ent implementations of the same security model may have connicting operational and security semantics. We propose the use of more expressive security labels for specifying these system issues within the security model, so that the semantics of a system design are precisely understood and are independent of implementation details.
منابع مشابه
Dynamic Security Labels and Noninterference
This paper explores information flow control in systems in which the security classes of data can vary dynamically. Information flow policies provide the means to express strong security requirements for data confidentiality and integrity. Recent work on security-typed programming languages has shown that information flow can be analyzed statically, ensuring that programs will respect the restr...
متن کاملCERIAS Tech Report 2005-83 A THEORY BASED ON SECURITY ANALYSIS FOR COMPARING THE EXPRESSIVE POWER OF ACCESS CONTROL MODELS
Tripunitara, Mahesh V. Ph.D., Purdue University, December, 2005. A Theory Based on Security Analysis for Comparing the Expressive Power of Access Control Models. Major Professor: Ninghui Li. We present a theory for comparing the expressive power of access control models. Our theory is based on reductions that preserve the results of security analysis. Security analysis is an approach to the ver...
متن کاملA semantic-aware role-based access control model for pervasive computing environments
Access control in open and dynamic Pervasive Computing Environments (PCEs) is a very complex mechanism and encompasses various new requirements. In fact, in such environments, context information should be used in access control decision process; however, it is not applicable to gather all context information completely and accurately all the time. Thus, a suitable access control model for PCEs...
متن کاملIt's My Privilege: Controlling Downgrading in DC-Labels
Disjunction Category Labels (DC-labels) are an expressive label format used to classify the sensitivity of data in information-flow control systems. DC-labels use capability-like privileges to downgrade information. Inappropriate use of privileges can compromise security, but DC-labels provide no mechanism to ensure appropriate use. We extend DC-labels with the novel notions of bounded privileg...
متن کاملA theory for comparing the expressive power of access control models
Comparing the expressive power of access control models is recognized as a fundamental problem in computer security. While such comparisons are generally based on simulations between different access control schemes, the definitions for simulations that are used in the literature are informal, and make it impossible to put results and claims about the expressive power of access control models i...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IEEE Trans. Knowl. Data Eng.
دوره 7 شماره
صفحات -
تاریخ انتشار 1995