Abstract
We present the view that the method of multi-level access control, often considered confined in the theory of mandatory access control, is in fact necessary for data secrecy (i.e. confidentiality) and privacy. This is consequence of a result in directed graph theory showing that there is a partial order of components in any data flow graph. Then, given the data flow graph of any access control system, it is in principle possible to determine which multi-level access control system it implements. On the other hand, given any desired data flow graph, it is possible to assign subjects and data objects to its different levels and thus implement a multi-level access control system for secrecy and privacy. As a consequence, we propose that the well-established lattice model of secure information flow be replaced by a model based on partial orders of components. Applications to Internet of Things and Cloud contexts are briefly mentioned.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
