A Flexible Read-Write Abortion Protocol with Sensitivity of Objects to Prevent Illegal Information Flow

Abstract

In information systems, objects have to be not only legally accessed in presence of illegal accesses but also data in a suspicious object is not allowed to flow to another object. A transaction illegally and suspiciously reads an object if the transaction reads the object which includes data in other objects which are not allowed to be read and the object which is suspicious, respectively. A transaction illegally and impossibly writes an object after illegally and suspiciously reading an object, respectively. The write-abortion (WA), read-write-abortion (RWA), and flexible RWA (FRWA) protocols to prevent illegal information flow are proposed in our previous papers. In the WA and RWA protocols, a transaction is aborted once issuing an illegal or impossible write and issuing an illegal read or impossible write, respectively. Reads are meaninglessly performed since the reads are later undone due to the abortion of the transaction in the WA protocol. Reads which can be performed after an illegal read are not performed, i.e. Lost since a transaction is aborted just once issuing an illegal read in the RWA protocol. In the FRWA protocol, a transaction is aborted with some probability once illegally reading an object in order to reduce the number of meaningless and lost reads. We newly introduce the sensitivity concept of an object in order to decide on the abortion probability. The more number of transactions are aborted after illegally reading an object, the more highly sensitive the object is. A transaction which illegally reads a more sensitive object is aborted with higher probability. In the evaluation, we show the execution time of each transaction in the FRWA protocol is shorter than WA and more number of reads can be performed than RWA.