Preventing Unauthorized Data Flows
Authors
Abstract
Trojan Horse attacks can lead to unauthorized data flows and can cause either a confidentiality violation or an integrity violation. Existing solutions to address this problem employ analysis techniques that keep track of all subject accesses to objects, and hence can be expensive. In this paper we show that for an unauthorized flow to exist in an access control matrix, a flow of length one must exist. Thus, to eliminate unauthorized flows, it is sufficient to remove all one-step flows, thereby avoiding the need for expensive transitive closure computations. This new insight allows us to develop an efficient methodology to identify and prevent all unauthorized flows leading to confidentiality and integrity violations. We develop separate solutions for two different environments that occur in real life, and experimentally validate the efficiency and restrictiveness of the proposed approaches using real data sets.
Similar resources
Windows NT Security
Revised June 1, 1998. Preventing unauthorized access to sensitive data is essential in environments in which multiple users have access to the same physical or network resources. Operating systems (OSs) and individual users must be able to protect files, memory, and configuration settings from unauthorized viewing and modification. OS security includes obvious mechanisms such as acc...
Protecting network users in mobile code systems
Conventional access control mechanisms are rather insensitive to occurrences of context-dependent illegal accesses. Insensitivity to context-dependent accesses may lead to failure to protect network users and resources. Context-dependent illegal accesses resulting from data and privilege flows in open networks cannot be prevented by either authentication or access control mechanisms since unaut...
Elements of trusted multicasting
Multicast is rapidly becoming an important mode of communication as well as a good platform for building group-oriented services. However, to be used for trusted communication, current multicast schemes must be supplemented by mechanisms for protecting traffic, controlling participation, and restricting access of unauthorized users to the data exchanged by the participants. In this paper, we cons...
Overview of ways to enhance the security of video surveillance networks using blockchain
In recent decades, video surveillance systems have seen increasing development and are used to prevent crime and manage facilities, with the rapid diffusion of (CCTV) cameras. The video stored in the video surveillance system should be managed comfortably, but sometimes the movies are leaking out to unauthorized people or by unauthorized people, thus violating i...
A Host Protection Framework Against Unauthorized Access for Ensuring Network Survivability
Currently, the major focus on the network security is securing individual components as well as preventing unauthorized access to network services. Ironically, Address Resolution Protocol (ARP) poisoning and spoofing techniques can be used to prohibit unauthorized network access and resource modifications. The protecting ARP which relies on hosts caching reply messages can be the primary method...