Adding Flexibility in Information Flow Control for Object-Oriented Systems Using Versions
One of the main features of information flow control is to ensure the enforcement of privacy and regulated accessibility. However, most information flow models that have been proposed do not provide substantial assurance to enforce end-to-end confidentiality policies or they are too restrictive, overprotected, and inflexible. This paper presents an approach to control flow information in object-oriented systems using versions, thus allowing considerable flexibility without compromising system security by leaking sensitive information. Models based on message filtering intercept every message exchanged among objects to control the flow of information. Versions are proposed to provide flexibility and avoid unnecessary and undesirable blocking of messages during the filtering process. Two options of operations are supported by versions — cloning reply and non-cloning reply. Furthermore, we present an algorithm which enforces message filtering through these operations.