An information flow control model for C applications based on access control lists

Abstract

Access control within an application during its execution prevents information leakage. The prevention can be achieved through information flow control. Many information flow control models were developed, which may be based on discretionary access control (DAC), mandatory access control (MAC), label-based approach, and role-based access control (RBAC). Most existing models are for object-oriented systems. Since the procedural C language is still in use heavily, offering a model to control information flows for C applications should be fruitful. Although we identified information flow control models that can be applied to procedural languages, they do not offer the features we need. We thus developed a model to control information flows for C applications. Our model is based on access control lists (ACLs) and named CACL. It offers the following features: (a) controlling both read and write access, (b) preventing indirect information leakage, (c) detailing the control granularity to variables, (d) avoiding improper function call, (e) controlling function call through argument sensitivity, and (f) preventing change of an application when the access rights of the application’s real world users change. This paper presents CACL.