scholarly journals A Unified Model to Detect Information Flow and Access Control Violations in Software Architectures

2021 ◽  
Author(s):  
Stephan Seifermann ◽  
Robert Heinrich ◽  
Dominik Werle ◽  
Ralf Reussner
Keyword(s):  
Access Control ◽  
Information Flow ◽  
Unified Model ◽  
Software Architectures

scholarly journals A Unified Model to Detect Information Flow and Access Control Violations in Software Architectures

2021 ◽  
Author(s):  
Stephan Seifermann ◽  
Robert Heinrich ◽  
Dominik Werle ◽  
Ralf Reussner
Keyword(s):  
Access Control ◽  
Information Flow ◽  
Unified Model ◽  
Software Architectures

Hardware Information Flow Tracking

2021 ◽  
Vol 54 (4) ◽  
pp. 1-39
Author(s):  
Wei Hu ◽  
Armaiti Ardeshiricham ◽  
Ryan Kastner
Keyword(s):  
Access Control ◽  
Computer Security ◽  
Information Flow ◽  
Hardware Security ◽  
Computing System ◽  
Security Vulnerabilities ◽  
Information Flow Tracking ◽  
Side Channels ◽  
Security Properties ◽  
Tools And Techniques

Information flow tracking (IFT) is a fundamental computer security technique used to understand how information moves through a computing system. Hardware IFT techniques specifically target security vulnerabilities related to the design, verification, testing, manufacturing, and deployment of hardware circuits. Hardware IFT can detect unintentional design flaws, malicious circuit modifications, timing side channels, access control violations, and other insecure hardware behaviors. This article surveys the area of hardware IFT. We start with a discussion on the basics of IFT, whose foundations were introduced by Denning in the 1970s. Building upon this, we develop a taxonomy for hardware IFT. We use this to classify and differentiate hardware IFT tools and techniques. Finally, we discuss the challenges yet to be resolved. The survey shows that hardware IFT provides a powerful technique for identifying hardware security vulnerabilities, as well as verifying and enforcing hardware security properties.

Access Control and Information Flow Control for Web Services Security

2016 ◽  
Vol 11 (1) ◽  
pp. 44-76 ◽  
Author(s):  
Saadia Kedjar ◽  
Abdelkamel Tari ◽  
Peter Bertok
Keyword(s):  
Web Services ◽  
Access Control ◽  
Flow Control ◽  
Information Flow ◽  
Information Flow Control ◽  
User Access ◽  
Web Services Security ◽  
Information Confidentiality ◽  
Security Standards

With the advancement of web services technology, security has become an increasingly important issue. Various security standards have been developed to secure web services at the transport and message level, but application level has received less attention. The security solutions at the application level focus on access control which cannot alone ensure the confidentiality and integrity of information. The solution proposed in this paper consists on a hybrid model that combines access control (AC) and information flow control (IFC). The AC mechanism uses the concept of roles and attributes to control user access to web services' methods. The IFC mechanism uses labels to control how the roles access to the system's objects and verify the information flows between them to ensure the information confidentiality and integrity. This manuscript describes the model, gives the demonstration of the IFC model safety, presents the modeling and implementation of the model and a case study.

Information flow control in multithread applications based on access control lists

2006 ◽  
Vol 48 (8) ◽  
pp. 717-725 ◽  
Author(s):  
Shih-Chien Chou ◽  
Wei-Kuang Lo ◽  
Chia-Wei Lai
Keyword(s):  
Access Control ◽  
Flow Control ◽  
Information Flow ◽  
Information Flow Control

LOCKING PROTOCOL FOR INFORMATION FLOW CONTROL

2004 ◽  
Vol 05 (03) ◽  
pp. 233-247 ◽  
Author(s):  
RYUNG CHON ◽  
KOUHEI TAKEDA ◽  
TOMOYA ENOKIDO ◽  
MAKOTO TAKIZAWA
Keyword(s):  
Access Control ◽  
Flow Control ◽  
Information Flow ◽  
Single Server ◽  
Role Based Access Control ◽  
Information Flow Control ◽  
Server Systems ◽  
Locking Protocol ◽  
Role Based ◽  
Multi Server

We discuss a novel role locking protocol (RLP) to prevent illegal information flow among objects in a role-based access control (RBAC) model. In this paper, we define a conflicting relation among roles "a role R1 conflicts with another role R2" to show that illegal information flow may occur if a transaction associated with role R1 is performed before another transaction with role R2. Here, we introduce a role lock on an object to abort a transaction with role R1 if another transaction with role R2 had been already performed on the object. Role locks are not released even if transactions issuing the role locks commit. After data in an object o1 flow to another object o2, if the object o1 is updated, the data in the object o2 is independent of the object o1, i.e. obsolete. A role lock on an object can be released if information brought into the object is obsolete. We discuss how to release obsolete role locks. We also discuss how to implement the role locking protocol in single-server and multi-server systems.

Sign in / Sign up

Export Citation Format

Share Document